axis (1.4-28+deb10u1) buster-security; urgency=high * Team upload. * Fix CVE-2023-40743. * Revert to compat level 12. -- Markus Koschany Tue, 17 Oct 2023 13:51:32 +0200 axis (1.4-29) unstable; urgency=medium * Team upload. * Fix CVE-2023-40743: When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. (Closes: #1051288) * Switch to debhelper-compat = 13. * Declare compliance with Debian Policy 4.6.2. -- Markus Koschany Tue, 17 Oct 2023 01:00:51 +0200 axis (1.4-28) unstable; urgency=medium * Fixed the build failure with Java 11 (Closes: #911187) * Fixed CVE-2018-8032: Cross-site scripting (XSS) attack in the default servlet/services (Closes: #905328) * Fixed the generation of the javadoc * Standards-Version updated to 4.2.1 -- Emmanuel Bourg Mon, 03 Dec 2018 08:25:51 +0100 axis (1.4-27) unstable; urgency=medium * Team upload. * Install the jar files in /usr/share/java (Closes: #901058) -- Emmanuel Bourg Fri, 08 Jun 2018 23:22:28 +0200 axis (1.4-26) unstable; urgency=medium * Team upload. [ Markus Koschany ] * Fix FTBFS with Java 9. (Closes: #893098) [ Emmanuel Bourg ] * Removed Damien Raude-Morvan from the uploaders (Closes: #889464) * Build with the DH sequencer instead of CDBS * Standards-Version updated to 4.1.4 * Switch to debhelper level 11 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Thu, 07 Jun 2018 13:58:57 +0200 axis (1.4-25) unstable; urgency=medium * Fixed the build failure with Ant 1.9.8 (Closes: #851030) * Moved the package to Git * Standards-Version updated to 3.9.8 * Switch to debhelper level 10 -- Emmanuel Bourg Thu, 12 Jan 2017 18:28:23 +0100 axis (1.4-24) unstable; urgency=medium * Team upload. * Restored the missing Export-Package attributes -- Emmanuel Bourg Fri, 15 Jan 2016 22:33:32 +0100 axis (1.4-23) unstable; urgency=medium * Team upload. * Transition to bnd 2.1.0. * Vcs-Browser: Use https. * wrap-and-sort -sa. -- Markus Koschany Tue, 17 Nov 2015 16:53:49 +0100 axis (1.4-22) unstable; urgency=medium * Updated the dependency on the Servlet API (3.0 -> 3.1) * libaxis-java no longer depends on the Servlet API since it's always provided by the web container executing Axis. * Replaced the dependency on libgnumail-java with libmail-java -- Emmanuel Bourg Fri, 17 Oct 2014 13:23:45 +0200 axis (1.4-21) unstable; urgency=high * Team upload. * Fix CVE-2014-3596. - Replace 06-fix-CVE-2012-5784.patch with CVE-2014-3596.patch which fixes both CVE issues. Thanks to Raphael Hertzog for the report. - The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. - (Closes: #762444) * Declare compliance with Debian Policy 3.9.6. * Use compat level 9 and require debhelper >=9. * Use canonical VCS fields. -- Markus Koschany Thu, 25 Sep 2014 19:45:08 +0000 axis (1.4-20) unstable; urgency=low * Updated the dependency on the Servlet API (2.5 -> 3.0) * Removed the obsolete dependency on the Activation Framework (libgnujaf-java) * Added the upstream changelog * debian/rules: Improved the clean target to allow rebuilds -- Emmanuel Bourg Wed, 15 May 2013 00:56:15 +0200 axis (1.4-19) unstable; urgency=low * Team upload. * Upload to unstable. -- tony mancill Mon, 13 May 2013 22:00:05 -0700 axis (1.4-18) experimental; urgency=low * Team upload. * debian/watch: Fixed the URL * debian/control: Add Emmanuel Bourg to list of Uploaders. -- Emmanuel Bourg Tue, 02 Apr 2013 17:02:15 +0200 axis (1.4-17) experimental; urgency=low * Team upload. [ Jakub Adam ] * Use bnd to generate OSGi metadata. * Remove Michael Koch from Uploaders (Closes: #653992). - Thanks for your contribution to this package. * Bump Standards-Version to 3.9.4. [ tony mancill ] * Acknowledge NMU: Thank you to Alberto Fernández Martínez. - Fix CVE-2012-5784 (Closes: #692650) * Update d/copyright to add lintian warnings. -- tony mancill Mon, 04 Feb 2013 22:14:27 -0800 axis (1.4-16.2) unstable; urgency=low * Non-maintainer upload. * Fix CVE-2012-5784 (Closes: #692650) * Fix CN extraction from DN of X500 principal. * Fix wildcard validation on ssl connections -- Alberto Fernández Martínez Thu, 6 Dec 2012 14:28:00 +0100 axis (1.4-16.1) unstable; urgency=low * Non-maintainer upload. * Fix CVE-2012-5784 (Closes: #692650) -- Alberto Fernández Martínez Wed, 5 Dec 2012 17:28:00 +0100 axis (1.4-16) unstable; urgency=low * Add missing dependency on libcommons-httpclient-java * Update Export-Package OSGi attribute in manifest * Add Require-Bundle OSGi attributes -- Jakub Adam Mon, 31 Oct 2011 11:07:24 +0100 axis (1.4-15) unstable; urgency=low * Add OSGi metadata to jar manifests * Bump to Standards-Version 3.9.2 * Updated the DEP-5 copyright to r202 -- Jakub Adam Thu, 27 Oct 2011 19:23:14 +0200 axis (1.4-14) unstable; urgency=low * Team upload. * Drop package libaxis-java-gcj. -- Torsten Werner Thu, 08 Sep 2011 17:13:34 +0200 axis (1.4-13) unstable; urgency=low [ tony mancill ] * libaxis-java-gcj: Remove incorrect libservlet2.4 depedency; the dependency on libaxis-java is sufficient. Thanks to Matthias Klose. (Closes: #597950) [ Damien Raude-Morvan ] * d/control: Bump Standards-Versions to 3.9.1 (no changes required). * d/control: Change short synopsis of packages. * Finaly upload to unstable. -- Damien Raude-Morvan Sun, 06 Mar 2011 19:08:04 +0100 axis (1.4-12) unstable; urgency=low [ Niels Thykier ] * Bumped Standards-Versions to 3.9.0 - no changes required. * Replaced B-D on default-jdk-builddep with gcj-native-helper and default-jdk. [ Damien Raude-Morvan ] * Downgrade libaxis-java-gcj from Recommends to Suggest (Closes: #582151). * Remove Depends on JRE since Axis is a library. -- Damien Raude-Morvan Thu, 08 Jul 2010 00:06:06 +0200 axis (1.4-11) unstable; urgency=low * Merge changes from Ubuntu: - debian/control, debian/rules: (Build-)Depend on libservlet2.5-java instead of libservlet2.4-java (LP: #534913) * Remove Stephan and Vladimír from Uploaders list. -- Torsten Werner Sun, 09 May 2010 02:53:34 +0200 axis (1.4-10) unstable; urgency=low * Add symlinks for old JAR names to fix some FTBFS (Closes: #575041): - saaj.jar -> axis-saaj.jar - jaxrpc.jar -> axis-jaxrpc.jar * Javadoc: - Install Javadoc to /usr/share/doc/libaxis-java/api/ - Register Javadoc with doc-base - d/patches/javadoc.diff and d/rules: Fix javadoc call to only use javadoc and no gjdoc (which fail with UnmappableCharacterException) and force 1.3 source format. * Fix short description of libaxis-java-doc to contains "documentation" * Rework d/copyright to use DEP5 format -- Damien Raude-Morvan Thu, 25 Mar 2010 23:45:41 +0100 axis (1.4-9) unstable; urgency=low * debian/rules: Fix FTBFS when doing arch build: - overrive install/libaxis-java for mh_installjar calls (instead of binary-post-install) -- Damien Raude-Morvan Sat, 20 Mar 2010 23:46:28 +0100 axis (1.4-8) unstable; urgency=low * Add Maven support: - debian/control: Build-Depends on maven-repo-helper - Add pom's files to debian/poms/ - debian/rules: Use mh_installpoms and mh_installjar * Update Standards-Version: 3.8.4 - debian/rules: Add recommended get-orig-source target * Bump to debhelper >= 7 * Use 3.0 (quilt) source format: - debian/source/format: Set 3.0 (quilt) - debian/control: Remove quilt - debian/rules: Remove simpl-patchsys.mk - Refresh all debian/patches/* * Add DEP-3 headers to all patches -- Damien Raude-Morvan Sat, 20 Mar 2010 23:00:50 +0100 axis (1.4-7) unstable; urgency=low * Change Build-Depends: ant1.7-optional because gij is failing with ant 1.8. -- Torsten Werner Sat, 27 Feb 2010 18:52:14 +0100 axis (1.4-6ubuntu1) lucid; urgency=low * debian/control, debian/rules: (Build-)Depend on libservlet2.5-java instead of libservlet2.4-java (LP: #534913) * debian/rules: Drop extra JAVA_HOME entry, build with default-jdk -- Thierry Carrez Tue, 09 Mar 2010 09:39:09 +0100 axis (1.4-6) unstable; urgency=low [ Matthias Klose ] * axis: Depend on default-jre-headless. * Build using java-gcj (axis is not 1.6 source compatible). [ Torsten Werner ] * Add patch for gcj-4.4: do not build function clearCache() which is not used anyway. (Closes: #531995) * Add myself to Uploaders. * Do no longer quote the full text of the Apache license. * Fix lintian warnings. * Move package to Section: java. * Update Standards-Version: 3.8.2 (no changes). * Add missing Depends: ${misc:Depends}. -- Torsten Werner Fri, 24 Jul 2009 18:38:59 +0200 axis (1.4-5) unstable; urgency=low * Added missing packages to Depends of libaxis-java. Closes: #432582, #432582 * Build-Depend on default-jdk-builddep instead of java-gcj-compat-dev. Closes: #477846 * Cleaned up debian/copyright. * Added watch file. * Added Homepage, Vcs-Svn and Vcs-Browser fields. * Updated Standards-Version to 3.7.3. -- Michael Koch Sat, 26 Apr 2008 22:49:29 +0200 axis (1.4-3) unstable; urgency=low * Added xmlParserAPIs.jar and xercesImpl.jar to classpath. Closes: #432538. -- Michael Koch Sat, 14 Jul 2007 21:10:45 +0200 axis (1.4-2) unstable; urgency=low * Upload to unstable. * Inlcude javadocs. -- Michael Koch Fri, 20 Apr 2007 17:32:10 -0100 axis (1.4-1) experimental; urgency=low * Merged from Ubuntu. * Upload to experimental. -- Michael Koch Sat, 3 Mar 2007 10:48:11 +0100 axis (1.4-0ubuntu5) feisty; urgency=low * Fix build failure for binary arch builds. -- Matthias Klose Wed, 28 Feb 2007 17:10:36 +0100 axis (1.4-0ubuntu4) feisty; urgency=low * Recommend ant, instead of depending on it. * Install axis-ant.jar into usr/share/ant/lib. -- Matthias Klose Wed, 28 Feb 2007 12:22:49 +0100 axis (1.4-0ubuntu3) feisty; urgency=low * Build a libaxis-java-gcj package. * Set Ubuntu maintainer address. -- Matthias Klose Wed, 28 Feb 2007 01:06:05 +0100 axis (1.4-0ubuntu2) feisty; urgency=low * Added axis-ant.jar to the binary package -- Vladimír Lapáček Sat, 20 Jan 2007 11:09:48 +0100 axis (1.4-0ubuntu1) edgy; urgency=low * New upstream release. -- Vladimír Lapáček Wed, 6 Sep 2006 22:31:39 +0200 axis (1.2.1-1) unstable; urgency=low * Initial version based of the work of the Fedora packagers. -- Stephan Michels Mon, 9 Jan 2006 11:40:09 +0100