[ubuntu/karmic] jetty 6.1.20-2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Oct 20 15:26:08 BST 2009
jetty (6.1.20-2) unstable; urgency=low
* Move documentation to /usr/share/doc/libjetty-java
* Better postinst and postrm scripts, aligned with tomcat6 scripts:
- postinst: user jetty is created with its own group
- postrm: better cleanup of temporary data,
thourough remove and purge of data
* debian/changelog:
- fix suggest for package libjetty-java-doc, add libjetty-java-doc
to the list of Suggests for libjetty-java
- add libjetty-extra to the list of Suggests for package jetty.
jetty (6.1.20-1) unstable; urgency=medium
[ Niels Thykier ]
* New upstream release.
* Stop using Build-Depends-Indep, since the policy and the build
daemons disagree on when it should be used (Closes: #540861).
* Corrected jetty.install to reflect the move of some license files
in the source tree.
* Bumped to Standard-Versions 3.8.3 - no changes required.
* Updated jetty.post{install,rm} scripts to use "set -e" instead of
passing it to sh.
* Installed "VERSION.txt" as upstream changelog.
* A previous version (6.1.18-1) fixed the following security problems, which
were not mentioned in the changelog: CVE-2007-5613, CVE-2007-5614,
CVE-2007-5615, CVE-2009-1523, and CVE-2009-1524 (see below for more
information).
[ Torsten Werner ]
* Set urgency to medium because this version fixes a FTBFS.
jetty (6.1.19-2) unstable; urgency=low
* Upload to unstable.
jetty (6.1.19-1) experimental; urgency=low
[ Ludovic Claude ]
* New upstream release fixing a security vulnerability
(cookies are not secure if you are running behind a netscaler).
* Remove the bootstrap patch as it has been added upstream and update
the build to use the new start-daemon component.
* Remove the Build-Depend on quilt as the patch is not needed anymore.
* Add the Maven POM to the package.
* Add a Build-Depends dependency on maven-repo-helper.
* Use mh_installpom and mh_installjar to install the POM and the jar to the
Maven repository.
* Add optional support for web applications located in /usr/share/webapps.
* Add a cron job that cleans up the old log files in /var/log/jetty.
* Register the Javadoc into Debian documentation and put it in a
separate package (libjetty-java-doc).
* Use openjdk-6-jdk for the build; add a Build-Depends on this
package. Required to build the javadoc.
* Update debian/copyright (patch provided by Jan Pascal Vanbest
<janpascal at vanbest.org>).
[ Torsten Werner ]
* Add myself to Uploaders.
* Update Standards-Version: 3.8.2.
* Move package libjetty-java-doc to Section: doc.
* Fix init script: check for /etc/default/rcS before reading it.
jetty (6.1.18-1) unstable; urgency=low
[Ludovic Claude]
* Add myself to Uploaders.
* Change the build dependency on java-gcj to default-jdk.
* Add init.d startup script.
* Add dependencies on ant, libslf4j-java, libxerces2-java, libtomcat6-java
for libjetty-extra-java, add links for the lib folder.
* Add dependency on jsvc to run jetty as a daemon.
* Add the package libjetty-setuid-java for the Setuid module (with native
code).
* Add an index page used when Jetty starts.
* Use latest jasper from Tomcat to provide jsp 2.1 instead of
Glassfish JSP implementation as in the standard distribution.
* Add tools.jar to the classpath to be able to run JSP (Closes: #452586).
* Fix Lintian warnings: add ${misc:Depends} to all Depends.
* Move jetty to main as all its dependencies are in main,
and jetty contains only code that complies with Debian guidelines,
use java section like tomcat6
(Closes: #498582).
* Do not depend on tomcat 5.5 (Closes: #530720, #458399).
* Remove empty prerm and preinst scripts.
* Remove old patches that don't apply anymore.
* Update copyright and remove full text of Apache license.
* Bump up compat to 6 and Standards-Version to 3.8.1.
[David Yu]
* New upstream release for jetty
(Closes: #528389, #527571, #454529, #425152).
* Fixed jetty.links. Now delegates install of start.jar to libjetty-java.
[ Torsten Werner ]
* fixes several security issues:
- CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet.
- CVE-2007-5614: Quote Sequence vulnerability.
- CVE-2007-5615: CRLF injection vulnerability.
- CVE-2009-1523: Directory traversal vulnerability in the HTTP server in
Mort Bay Jetty.
- CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort
Bay Jetty.
(Closes: #454529, #528389, #527571, #543462).
Date: Tue, 20 Oct 2009 15:11:18 +0100
Changed-By: Matthias Klose <matthias.klose at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/karmic/+source/jetty/6.1.20-2
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Tue, 20 Oct 2009 15:11:18 +0100
Source: jetty
Binary: libjetty-java, libjetty-java-doc, libjetty-extra-java, libjetty-extra, jetty
Architecture: source
Version: 6.1.20-2
Distribution: karmic
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Matthias Klose <matthias.klose at canonical.com>
Description:
jetty - Java servlet engine and webserver
Closes: 425152 452586 454529 454529 458399 498582 527571 527571 528389 528389 530720 540861 543462
Changes:
jetty (6.1.20-2) unstable; urgency=low
.
* Move documentation to /usr/share/doc/libjetty-java
* Better postinst and postrm scripts, aligned with tomcat6 scripts:
- postinst: user jetty is created with its own group
- postrm: better cleanup of temporary data,
thourough remove and purge of data
* debian/changelog:
- fix suggest for package libjetty-java-doc, add libjetty-java-doc
to the list of Suggests for libjetty-java
- add libjetty-extra to the list of Suggests for package jetty.
.
jetty (6.1.20-1) unstable; urgency=medium
.
[ Niels Thykier ]
* New upstream release.
* Stop using Build-Depends-Indep, since the policy and the build
daemons disagree on when it should be used (Closes: #540861).
* Corrected jetty.install to reflect the move of some license files
in the source tree.
* Bumped to Standard-Versions 3.8.3 - no changes required.
* Updated jetty.post{install,rm} scripts to use "set -e" instead of
passing it to sh.
* Installed "VERSION.txt" as upstream changelog.
* A previous version (6.1.18-1) fixed the following security problems, which
were not mentioned in the changelog: CVE-2007-5613, CVE-2007-5614,
CVE-2007-5615, CVE-2009-1523, and CVE-2009-1524 (see below for more
information).
.
[ Torsten Werner ]
* Set urgency to medium because this version fixes a FTBFS.
.
jetty (6.1.19-2) unstable; urgency=low
.
* Upload to unstable.
.
jetty (6.1.19-1) experimental; urgency=low
.
[ Ludovic Claude ]
* New upstream release fixing a security vulnerability
(cookies are not secure if you are running behind a netscaler).
* Remove the bootstrap patch as it has been added upstream and update
the build to use the new start-daemon component.
* Remove the Build-Depend on quilt as the patch is not needed anymore.
* Add the Maven POM to the package.
* Add a Build-Depends dependency on maven-repo-helper.
* Use mh_installpom and mh_installjar to install the POM and the jar to the
Maven repository.
* Add optional support for web applications located in /usr/share/webapps.
* Add a cron job that cleans up the old log files in /var/log/jetty.
* Register the Javadoc into Debian documentation and put it in a
separate package (libjetty-java-doc).
* Use openjdk-6-jdk for the build; add a Build-Depends on this
package. Required to build the javadoc.
* Update debian/copyright (patch provided by Jan Pascal Vanbest
<janpascal at vanbest.org>).
.
[ Torsten Werner ]
* Add myself to Uploaders.
* Update Standards-Version: 3.8.2.
* Move package libjetty-java-doc to Section: doc.
* Fix init script: check for /etc/default/rcS before reading it.
.
jetty (6.1.18-1) unstable; urgency=low
.
[Ludovic Claude]
* Add myself to Uploaders.
* Change the build dependency on java-gcj to default-jdk.
* Add init.d startup script.
* Add dependencies on ant, libslf4j-java, libxerces2-java, libtomcat6-java
for libjetty-extra-java, add links for the lib folder.
* Add dependency on jsvc to run jetty as a daemon.
* Add the package libjetty-setuid-java for the Setuid module (with native
code).
* Add an index page used when Jetty starts.
* Use latest jasper from Tomcat to provide jsp 2.1 instead of
Glassfish JSP implementation as in the standard distribution.
* Add tools.jar to the classpath to be able to run JSP (Closes: #452586).
* Fix Lintian warnings: add ${misc:Depends} to all Depends.
* Move jetty to main as all its dependencies are in main,
and jetty contains only code that complies with Debian guidelines,
use java section like tomcat6
(Closes: #498582).
* Do not depend on tomcat 5.5 (Closes: #530720, #458399).
* Remove empty prerm and preinst scripts.
* Remove old patches that don't apply anymore.
* Update copyright and remove full text of Apache license.
* Bump up compat to 6 and Standards-Version to 3.8.1.
.
[David Yu]
* New upstream release for jetty
(Closes: #528389, #527571, #454529, #425152).
* Fixed jetty.links. Now delegates install of start.jar to libjetty-java.
.
[ Torsten Werner ]
* fixes several security issues:
- CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet.
- CVE-2007-5614: Quote Sequence vulnerability.
- CVE-2007-5615: CRLF injection vulnerability.
- CVE-2009-1523: Directory traversal vulnerability in the HTTP server in
Mort Bay Jetty.
- CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort
Bay Jetty.
(Closes: #454529, #528389, #527571, #543462).
Files:
dc3786793a84f70ce5adf8a5b79b787e 1599 java optional jetty_6.1.20-2.dsc
4b18c03c2c5e774bcd1120bbab405e98 18632 java optional jetty_6.1.20-2.diff.gz
891a807131b74b67e2ebaf3c631614e1 2051081 java optional jetty_6.1.20.orig.tar.gz
More information about the Karmic-changes
mailing list