lucene-solr (3.6.2+dfsg-20+deb10u2) buster; urgency=medium * Team upload. * Fix CVE-2019-0193: The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting from now on, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. For example this can be achieved with solr-tomcat by adding -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9. -- Markus Koschany Sun, 16 Aug 2020 15:56:26 +0200 lucene-solr (3.6.2+dfsg-20+deb10u1) buster; urgency=medium * Team upload. * Disable obsolete call to ContextHandler in solr-jetty9.xml. Install solr-permissions.conf into /etc/systemd/system/jetty9.service.d/ and override read-only permissions of Jetty9 which will allow the service to start out-of-the-box again. Thanks to Stephan Beirer for the report. (Closes: #933854, #933857) -- Markus Koschany Wed, 04 Sep 2019 22:30:29 +0200 lucene-solr (3.6.2+dfsg-20) unstable; urgency=medium * Team upload. * Remove now obsolete solr-permissions.conf in /etc/systemd/system/tomcat9.d/. -- Markus Koschany Thu, 25 Apr 2019 16:39:14 +0200 lucene-solr (3.6.2+dfsg-19) unstable; urgency=medium * Team upload. * Install solr-permissions.conf into the correct directory. -- Markus Koschany Fri, 19 Apr 2019 00:39:36 +0200 lucene-solr (3.6.2+dfsg-18) unstable; urgency=medium * Team upload. * Add solr-permissions.conf and override tomcat9 permissions to allow solr-tomcat read-write access to /var/lib/solr. (Closes: #919638) -- Markus Koschany Sat, 02 Mar 2019 23:02:16 +0100 lucene-solr (3.6.2+dfsg-17) unstable; urgency=medium * Team upload. * Do not build the lucene3 javadocs anymore. Very low popcon and build failures. (Closes: #917739) * Remove TODO.Debian. * Add web.xml.patch and use a correct DTD schema otherwise jasper will abort the build process. * Remove el-api.jar from the classpath to avoid a conflict with jasper-el. * Execute postrm commands in solr-jetty and solr-tomcat on purge too. (Closes: #914223) -- Markus Koschany Fri, 15 Feb 2019 11:21:49 +0100 lucene-solr (3.6.2+dfsg-16) unstable; urgency=medium * Team upload. * Transition to Tomcat 9 * Fixed the compatibility with Jetty 9.4 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Mon, 10 Dec 2018 22:59:36 +0100 lucene-solr (3.6.2+dfsg-15) unstable; urgency=medium * Team upload. * Switch from libmysql-java to libmariadb-java. -- Markus Koschany Fri, 09 Nov 2018 17:23:59 +0100 lucene-solr (3.6.2+dfsg-14) unstable; urgency=medium * Team upload. * debian/build-jars: Fix broken links to woodstox-core.jar. The jar files were renamed. (Closes: #906384). This also addresses the runtime error. solr-tomcat works as expected again. (Closes: #904063) * Disable the tests and work around a FTBFS. Ideally this should been investigated and fixed eventually. -- Markus Koschany Sat, 25 Aug 2018 23:23:24 +0200 lucene-solr (3.6.2+dfsg-13) unstable; urgency=medium * Team upload. * Symlink /etc/solr/solr-jetty.xml to /var/lib/jetty9/webapps/solr.xml to make solr-jetty work out-of-the-box. Thanks to Larocque for the report. (Closes: #886090) -- Markus Koschany Sun, 06 May 2018 20:51:06 +0200 lucene-solr (3.6.2+dfsg-12) unstable; urgency=high * Team upload. * Fix FTBFS with Ant 1.10. (Closes: #895797) * Fix CVE-2018-1308. (Closes: #896604) * Declare compliance with Debian Policy 4.1.4. -- Markus Koschany Tue, 01 May 2018 23:35:41 +0200 lucene-solr (3.6.2+dfsg-11) unstable; urgency=medium * Team upload. * Switch to compat level 11. * Declare compliance with Debian Policy 4.1.3. * Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For security reasons the RunExecutableListener class was permanently removed. * Fix CVE-2017-3163: path traversal vulnerability. (Closes: #867712) -- Markus Koschany Sun, 14 Jan 2018 14:32:32 +0100 lucene-solr (3.6.2+dfsg-10) unstable; urgency=medium * Team upload. * Remove obsolete Resources className directive as it does not work with Tomcat8. Thanks to Matthias Liertzer for the report. (Closes: #856626) -- Markus Koschany Thu, 30 Mar 2017 20:24:00 +0200 lucene-solr (3.6.2+dfsg-9) unstable; urgency=medium * Team upload. [ Emmanuel Bourg ] * Switched the dependencies to tomcat8, libservlet3.1-java and jetty9 * Standards-Version updated to 3.9.8 * Use a secure Vcs-* URL * Fixed the watch file [ tony mancill ] * Add Dutch translation of debconf messages. (Closes: #835136) Thank you to Frans Spiesschaert for the translation. -- Emmanuel Bourg Mon, 24 Oct 2016 17:10:19 +0200 lucene-solr (3.6.2+dfsg-8) unstable; urgency=medium * Team upload. * Transition to bnd 2.1.0. * Fix Lintian warning empty-short-license-in-dep5-copyright. * Fix Lintian warnings command-with-path-in-maintainer-script. * Vcs-Browser: Use https. -- Markus Koschany Thu, 19 Nov 2015 22:13:50 +0100 lucene-solr (3.6.2+dfsg-7) unstable; urgency=medium * Add OSGi metadata to JAR manifests * Add Jakub Adam to Uploaders * Update file paths in d/copyright -- Jakub Adam Mon, 03 Aug 2015 15:49:56 +0200 lucene-solr (3.6.2+dfsg-6) unstable; urgency=medium * Team upload. [ Emmanuel Bourg ] * Removed the dependency on libgeronimo-stax-1.2-spec-java * Fixed a test failure with commons-codec 1.10 * Fixed a test failure with Java 8 (Closes: #760927) * Use XZ compression for the upstream tarball * debian/watch: No longer use the defunct githubredir.debian.net redirector [ Victor Seva ] * solr-tomcat: allow tomcat7-user as depends (Closes: #606138) -- Emmanuel Bourg Mon, 13 Jul 2015 14:45:06 +0200 lucene-solr (3.6.2+dfsg-5) unstable; urgency=medium * Team upload. * Fixed the deployment with Jetty 8 (Closes: #752547, #767525) * Enable the symbolic links with Jetty (Closes: #701876) * Fixed the path to dpkg-statoverride in solr-jetty.postrm (Closes: #767519) -- Emmanuel Bourg Fri, 31 Oct 2014 19:28:25 +0100 lucene-solr (3.6.2+dfsg-4) unstable; urgency=medium * Team upload. * Switched the dependencies to tomcat7, libservlet3.0-java and jetty8 * Fixed a format issue with CVE-2013-6397.patch * Standards-Version updated to 3.9.6 (no changes) -- Emmanuel Bourg Mon, 06 Oct 2014 15:47:56 +0200 lucene-solr (3.6.2+dfsg-3) unstable; urgency=medium * Team upload. * Add tomcat-coyote to debian/build-jars to address FTBFS. (Closes: #749364) * Update Vcs- URLs in debian/control. * Use debhelper 9. * Bump Standards-Version to 3.9.5. -- tony mancill Tue, 10 Jun 2014 22:29:19 -0700 lucene-solr (3.6.2+dfsg-2) unstable; urgency=low * Fixes for new security vulnerabilities (Closes: #731113): - debian/patches/CVE-2013-6397.patch: Fix DocumentAnalysisRequestHandler to correctly use EmptyEntityResolver to prevent loading of external entities like UpdateRequestHandler does. CVE-2013-6397 - debian/patches/CVE-2013-6407_CVE-2013-6408.patch: XML and XSLT UpdateRequestHandler should not try to resolve external entities. This improves speed of loading e.g. XSL-transformed XHTML documents. CVE-2013-6407 Fix XML parsing in XPathEntityProcessor to correctly expand named entities, but ignore external entities. CVE-2013-6408 -- James Page Sat, 14 Dec 2013 22:07:54 +0000 lucene-solr (3.6.2+dfsg-1) unstable; urgency=low * Upload to unstable. -- James Page Thu, 16 May 2013 10:45:27 +0100 lucene-solr (3.6.2+dfsg-1~exp1) experimental; urgency=low [ tony mancill ] * solr-jetty: correct symlink to solr in /var/lib/jetty/webapps/ (Closes: #696347) [ James Page ] * New upstream release. * d/copyright: Removed surplus GPL-2 paragraph. * d/control: Tidied short descriptions. -- James Page Mon, 07 Jan 2013 14:23:47 +0000 lucene-solr (3.6.1+dfsg-1) experimental; urgency=low * New upstream release. * Add dependency on JDK for solr-jetty (LP: #1046732): - d/control: Add extra Depends on default-jdk | java5-jdk as jetty requires a full JDK to support use of JSP's which solr uses. -- James Page Wed, 21 Nov 2012 09:31:05 +0000 lucene-solr (3.6.0+dfsg-1) unstable; urgency=low * Initial release. (Closes: #594027) -- James Page Tue, 29 May 2012 17:32:24 +0100