lucene-solr (3.6.2+dfsg-23) unstable; urgency=medium * Declare compliance with Debian Policy 4.5.1. * Switch to debhelper-compat = 13. * Drop solr-tomcat, solr-jetty, solr-common and libsolr-java. The version of solr in Debian is outdated and newer versions are not viable to maintain. An alternative version packaged with jdeb or similar tools may be available via the contrib repository in the future. (Closes: #982001, #581435, #800983, #840827, #842402, #842706, #931845, #956464) -- Markus Koschany Mon, 22 Feb 2021 17:02:39 +0100 lucene-solr (3.6.2+dfsg-22) unstable; urgency=medium * Add myself to Uploaders and remove Jakub Adam, James Page and Mat Scales because they are not active anymore. * Declare compliance with Debian Policy 4.4.1. * Fix CVE-2019-0193: The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting from now on, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. For example this can be achieved with solr-tomcat by adding -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9. -- Markus Koschany Thu, 10 Oct 2019 17:39:16 +0200 lucene-solr (3.6.2+dfsg-21) unstable; urgency=high * Team upload. * Switch to debhelper-compat = 12. * Disable obsolete call to ContextHandler in solr-jetty9.xml. Install solr-permissions.conf into /etc/systemd/system/jetty9.service.d/ and override read-only permissions of Jetty9 which will allow the service to start out-of-the-box again. Thanks to Stephan Beirer for the report. (Closes: #933854, #933857) * Declare compliance with Debian Policy 4.4.0. -- Markus Koschany Mon, 02 Sep 2019 14:07:25 +0200 lucene-solr (3.6.2+dfsg-20) unstable; urgency=medium * Team upload. * Remove now obsolete solr-permissions.conf in /etc/systemd/system/tomcat9.d/. -- Markus Koschany Thu, 25 Apr 2019 16:39:14 +0200 lucene-solr (3.6.2+dfsg-19) unstable; urgency=medium * Team upload. * Install solr-permissions.conf into the correct directory. -- Markus Koschany Fri, 19 Apr 2019 00:39:36 +0200 lucene-solr (3.6.2+dfsg-18) unstable; urgency=medium * Team upload. * Add solr-permissions.conf and override tomcat9 permissions to allow solr-tomcat read-write access to /var/lib/solr. (Closes: #919638) -- Markus Koschany Sat, 02 Mar 2019 23:02:16 +0100 lucene-solr (3.6.2+dfsg-17) unstable; urgency=medium * Team upload. * Do not build the lucene3 javadocs anymore. Very low popcon and build failures. (Closes: #917739) * Remove TODO.Debian. * Add web.xml.patch and use a correct DTD schema otherwise jasper will abort the build process. * Remove el-api.jar from the classpath to avoid a conflict with jasper-el. * Execute postrm commands in solr-jetty and solr-tomcat on purge too. (Closes: #914223) -- Markus Koschany Fri, 15 Feb 2019 11:21:49 +0100 lucene-solr (3.6.2+dfsg-16) unstable; urgency=medium * Team upload. * Transition to Tomcat 9 * Fixed the compatibility with Jetty 9.4 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Mon, 10 Dec 2018 22:59:36 +0100 lucene-solr (3.6.2+dfsg-15) unstable; urgency=medium * Team upload. * Switch from libmysql-java to libmariadb-java. -- Markus Koschany Fri, 09 Nov 2018 17:23:59 +0100 lucene-solr (3.6.2+dfsg-14) unstable; urgency=medium * Team upload. * debian/build-jars: Fix broken links to woodstox-core.jar. The jar files were renamed. (Closes: #906384). This also addresses the runtime error. solr-tomcat works as expected again. (Closes: #904063) * Disable the tests and work around a FTBFS. Ideally this should been investigated and fixed eventually. -- Markus Koschany Sat, 25 Aug 2018 23:23:24 +0200 lucene-solr (3.6.2+dfsg-13) unstable; urgency=medium * Team upload. * Symlink /etc/solr/solr-jetty.xml to /var/lib/jetty9/webapps/solr.xml to make solr-jetty work out-of-the-box. Thanks to Larocque for the report. (Closes: #886090) -- Markus Koschany Sun, 06 May 2018 20:51:06 +0200 lucene-solr (3.6.2+dfsg-12) unstable; urgency=high * Team upload. * Fix FTBFS with Ant 1.10. (Closes: #895797) * Fix CVE-2018-1308. (Closes: #896604) * Declare compliance with Debian Policy 4.1.4. -- Markus Koschany Tue, 01 May 2018 23:35:41 +0200 lucene-solr (3.6.2+dfsg-11) unstable; urgency=medium * Team upload. * Switch to compat level 11. * Declare compliance with Debian Policy 4.1.3. * Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For security reasons the RunExecutableListener class was permanently removed. * Fix CVE-2017-3163: path traversal vulnerability. (Closes: #867712) -- Markus Koschany Sun, 14 Jan 2018 14:32:32 +0100 lucene-solr (3.6.2+dfsg-10) unstable; urgency=medium * Team upload. * Remove obsolete Resources className directive as it does not work with Tomcat8. Thanks to Matthias Liertzer for the report. (Closes: #856626) -- Markus Koschany Thu, 30 Mar 2017 20:24:00 +0200 lucene-solr (3.6.2+dfsg-9) unstable; urgency=medium * Team upload. [ Emmanuel Bourg ] * Switched the dependencies to tomcat8, libservlet3.1-java and jetty9 * Standards-Version updated to 3.9.8 * Use a secure Vcs-* URL * Fixed the watch file [ tony mancill ] * Add Dutch translation of debconf messages. (Closes: #835136) Thank you to Frans Spiesschaert for the translation. -- Emmanuel Bourg Mon, 24 Oct 2016 17:10:19 +0200 lucene-solr (3.6.2+dfsg-8) unstable; urgency=medium * Team upload. * Transition to bnd 2.1.0. * Fix Lintian warning empty-short-license-in-dep5-copyright. * Fix Lintian warnings command-with-path-in-maintainer-script. * Vcs-Browser: Use https. -- Markus Koschany Thu, 19 Nov 2015 22:13:50 +0100 lucene-solr (3.6.2+dfsg-7) unstable; urgency=medium * Add OSGi metadata to JAR manifests * Add Jakub Adam to Uploaders * Update file paths in d/copyright -- Jakub Adam Mon, 03 Aug 2015 15:49:56 +0200 lucene-solr (3.6.2+dfsg-6) unstable; urgency=medium * Team upload. [ Emmanuel Bourg ] * Removed the dependency on libgeronimo-stax-1.2-spec-java * Fixed a test failure with commons-codec 1.10 * Fixed a test failure with Java 8 (Closes: #760927) * Use XZ compression for the upstream tarball * debian/watch: No longer use the defunct githubredir.debian.net redirector [ Victor Seva ] * solr-tomcat: allow tomcat7-user as depends (Closes: #606138) -- Emmanuel Bourg Mon, 13 Jul 2015 14:45:06 +0200 lucene-solr (3.6.2+dfsg-5) unstable; urgency=medium * Team upload. * Fixed the deployment with Jetty 8 (Closes: #752547, #767525) * Enable the symbolic links with Jetty (Closes: #701876) * Fixed the path to dpkg-statoverride in solr-jetty.postrm (Closes: #767519) -- Emmanuel Bourg Fri, 31 Oct 2014 19:28:25 +0100 lucene-solr (3.6.2+dfsg-4) unstable; urgency=medium * Team upload. * Switched the dependencies to tomcat7, libservlet3.0-java and jetty8 * Fixed a format issue with CVE-2013-6397.patch * Standards-Version updated to 3.9.6 (no changes) -- Emmanuel Bourg Mon, 06 Oct 2014 15:47:56 +0200 lucene-solr (3.6.2+dfsg-3) unstable; urgency=medium * Team upload. * Add tomcat-coyote to debian/build-jars to address FTBFS. (Closes: #749364) * Update Vcs- URLs in debian/control. * Use debhelper 9. * Bump Standards-Version to 3.9.5. -- tony mancill Tue, 10 Jun 2014 22:29:19 -0700 lucene-solr (3.6.2+dfsg-2) unstable; urgency=low * Fixes for new security vulnerabilities (Closes: #731113): - debian/patches/CVE-2013-6397.patch: Fix DocumentAnalysisRequestHandler to correctly use EmptyEntityResolver to prevent loading of external entities like UpdateRequestHandler does. CVE-2013-6397 - debian/patches/CVE-2013-6407_CVE-2013-6408.patch: XML and XSLT UpdateRequestHandler should not try to resolve external entities. This improves speed of loading e.g. XSL-transformed XHTML documents. CVE-2013-6407 Fix XML parsing in XPathEntityProcessor to correctly expand named entities, but ignore external entities. CVE-2013-6408 -- James Page Sat, 14 Dec 2013 22:07:54 +0000 lucene-solr (3.6.2+dfsg-1) unstable; urgency=low * Upload to unstable. -- James Page Thu, 16 May 2013 10:45:27 +0100 lucene-solr (3.6.2+dfsg-1~exp1) experimental; urgency=low [ tony mancill ] * solr-jetty: correct symlink to solr in /var/lib/jetty/webapps/ (Closes: #696347) [ James Page ] * New upstream release. * d/copyright: Removed surplus GPL-2 paragraph. * d/control: Tidied short descriptions. -- James Page Mon, 07 Jan 2013 14:23:47 +0000 lucene-solr (3.6.1+dfsg-1) experimental; urgency=low * New upstream release. * Add dependency on JDK for solr-jetty (LP: #1046732): - d/control: Add extra Depends on default-jdk | java5-jdk as jetty requires a full JDK to support use of JSP's which solr uses. -- James Page Wed, 21 Nov 2012 09:31:05 +0000 lucene-solr (3.6.0+dfsg-1) unstable; urgency=low * Initial release. (Closes: #594027) -- James Page Tue, 29 May 2012 17:32:24 +0100