Change logs for jetty9 source package in Cosmic

  • jetty9 (9.4.15-1~18.04.1ubuntu1) bionic; urgency=medium
    
      [ Matthias Klose ]
      * Backport for OpenJDK 11. LP: #1817567.
    
      [ Tiago Stürmer Daitx ]
      * debian/jetty9.init, debian/jetty9.default: revert conffiles to
        previous version, this allows unattended-upgrades to update the
        package even when there are local changes.
    
    jetty9 (9.4.15-1) unstable; urgency=medium
    
      * New upstream release
        - Refreshed the patches
        - New build dependency on libjboss-logging-java
        - Ignore the new jetty-websocket-tests module
      * Standards-Version updated to 4.3.0
    
    jetty9 (9.4.14-1) unstable; urgency=medium
    
      * New upstream release
        - Refreshed the patches
        - Ignore the new test dependencies
        - Build the new modules: jetty-alpn-java-*, jetty-alpn-openjdk8-*,
          jetty-http2-*, jetty-cdi-* and jetty-unixsocket
        - Ignore the new optional modules: jetty-alpn-conscrypt-*, jetty-memcached,
          jetty-cdi-servlet, jetty-gcloud, jetty-hazelcast and jetty-infinispan
        - No longer build the removed modules: jetty-monitor and jetty-rhttp-*
        - Updated the Maven rules
        - Derive the content of the jetty9 package from the output
          of the jetty-distribution module
        - Require Java 8 or higher to run
        - Depend on libasm-java (>= 7.0)
        - Updated the links in /usr/share/jetty9/lib/
        - Added jetty-util.jar to the classpath of jetty-start.jar
      * Added a systemd service file
      * Removed the default 256M heap limit
      * Removed the NO_START option from the service configuration
      * Depend on libtomcat9-java instead of libtomcat8-java
      * Don't follow the symlinks when setting the owner of the /var/cache/jetty9,
        /var/log/jetty9 and /var/lib/jetty9 directories in the postinst script
      * Updated the README file (Closes: #906770)
      * Exclude the documentation directory from the upstream tarball
    
    jetty9 (9.2.26-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Fixed the Maven rule for tomcat-jaspic-api (Closes: #907147)
      * Standards-Version updated to 4.2.1
    
    jetty9 (9.2.25-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
        - Fixes CVE-2017-7656: A remote user can submit a specially crafted HTTP/0.9
          request containing invalid request headers to cause Jetty and an upstream
          HTTP agent (such as an origin server or another proxy) to interpret the
          boundary of the HTTP request differently. As a result, a malicious request
          may be embedded within another request as processed by the subsequent
          system. This allows a remote user to potentially poison the cache.
        - Fixes CVE-2017-7657: A remote user can submit a specially crafted HTTP
          request containing invalid Chunked Transfer-Encoding headers to cause
          Jetty and an upstream HTTP agent (such as an origin server or another
          proxy) to interpret the boundary of the HTTP request differently.
          As a result, a malicious request may be embedded within another request
          as processed by the subsequent system. This allows a remote user to
          potentially poison the cache.
        - Fixes CVE-2017-7658: A remote user can submit a specially crafted HTTP
          request containing more than one Content-Length header to cause Jetty
          and an upstream HTTP agent (such as an origin server or another proxy)
          to interpret the boundary of the HTTP request differently. As a result,
          a malicious request may be embedded within another request as processed
          by the subsequent system. This allows a remote user to potentially poison
          the cache.
      * Compile with the --release parameter to preserve the compatibility
        with older JREs
    
    jetty9 (9.2.24-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Standards-Version updated to 4.1.4
      * Switch to debhelper level 11
      * Use salsa.debian.org Vcs-* URLs
    
     -- Tiago Stürmer Daitx <email address hidden>  Wed, 10 Apr 2019 02:50:32 +0000
  • jetty9 (9.4.15-1~18.04) bionic; urgency=medium
    
      * Backport for OpenJDK 11. LP: #1817567.
    
    jetty9 (9.4.15-1) unstable; urgency=medium
    
      * New upstream release
        - Refreshed the patches
        - New build dependency on libjboss-logging-java
        - Ignore the new jetty-websocket-tests module
      * Standards-Version updated to 4.3.0
    
    jetty9 (9.4.14-1) unstable; urgency=medium
    
      * New upstream release
        - Refreshed the patches
        - Ignore the new test dependencies
        - Build the new modules: jetty-alpn-java-*, jetty-alpn-openjdk8-*,
          jetty-http2-*, jetty-cdi-* and jetty-unixsocket
        - Ignore the new optional modules: jetty-alpn-conscrypt-*, jetty-memcached,
          jetty-cdi-servlet, jetty-gcloud, jetty-hazelcast and jetty-infinispan
        - No longer build the removed modules: jetty-monitor and jetty-rhttp-*
        - Updated the Maven rules
        - Derive the content of the jetty9 package from the output
          of the jetty-distribution module
        - Require Java 8 or higher to run
        - Depend on libasm-java (>= 7.0)
        - Updated the links in /usr/share/jetty9/lib/
        - Added jetty-util.jar to the classpath of jetty-start.jar
      * Added a systemd service file
      * Removed the default 256M heap limit
      * Removed the NO_START option from the service configuration
      * Depend on libtomcat9-java instead of libtomcat8-java
      * Don't follow the symlinks when setting the owner of the /var/cache/jetty9,
        /var/log/jetty9 and /var/lib/jetty9 directories in the postinst script
      * Updated the README file (Closes: #906770)
      * Exclude the documentation directory from the upstream tarball
    
    jetty9 (9.2.26-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Fixed the Maven rule for tomcat-jaspic-api (Closes: #907147)
      * Standards-Version updated to 4.2.1
    
    jetty9 (9.2.25-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
        - Fixes CVE-2017-7656: A remote user can submit a specially crafted HTTP/0.9
          request containing invalid request headers to cause Jetty and an upstream
          HTTP agent (such as an origin server or another proxy) to interpret the
          boundary of the HTTP request differently. As a result, a malicious request
          may be embedded within another request as processed by the subsequent
          system. This allows a remote user to potentially poison the cache.
        - Fixes CVE-2017-7657: A remote user can submit a specially crafted HTTP
          request containing invalid Chunked Transfer-Encoding headers to cause
          Jetty and an upstream HTTP agent (such as an origin server or another
          proxy) to interpret the boundary of the HTTP request differently.
          As a result, a malicious request may be embedded within another request
          as processed by the subsequent system. This allows a remote user to
          potentially poison the cache.
        - Fixes CVE-2017-7658: A remote user can submit a specially crafted HTTP
          request containing more than one Content-Length header to cause Jetty
          and an upstream HTTP agent (such as an origin server or another proxy)
          to interpret the boundary of the HTTP request differently. As a result,
          a malicious request may be embedded within another request as processed
          by the subsequent system. This allows a remote user to potentially poison
          the cache.
      * Compile with the --release parameter to preserve the compatibility
        with older JREs
    
    jetty9 (9.2.24-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Standards-Version updated to 4.1.4
      * Switch to debhelper level 11
      * Use salsa.debian.org Vcs-* URLs
    
     -- Matthias Klose <email address hidden>  Fri, 01 Mar 2019 14:06:03 +0100
  • jetty9 (9.2.26-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Fixed the Maven rule for tomcat-jaspic-api (Closes: #907147)
      * Standards-Version updated to 4.2.1
    
     -- Emmanuel Bourg <email address hidden>  Wed, 05 Sep 2018 13:11:13 +0200
  • jetty9 (9.2.25-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
        - Fixes CVE-2017-7656: A remote user can submit a specially crafted HTTP/0.9
          request containing invalid request headers to cause Jetty and an upstream
          HTTP agent (such as an origin server or another proxy) to interpret the
          boundary of the HTTP request differently. As a result, a malicious request
          may be embedded within another request as processed by the subsequent
          system. This allows a remote user to potentially poison the cache.
        - Fixes CVE-2017-7657: A remote user can submit a specially crafted HTTP
          request containing invalid Chunked Transfer-Encoding headers to cause
          Jetty and an upstream HTTP agent (such as an origin server or another
          proxy) to interpret the boundary of the HTTP request differently.
          As a result, a malicious request may be embedded within another request
          as processed by the subsequent system. This allows a remote user to
          potentially poison the cache.
        - Fixes CVE-2017-7658: A remote user can submit a specially crafted HTTP
          request containing more than one Content-Length header to cause Jetty
          and an upstream HTTP agent (such as an origin server or another proxy)
          to interpret the boundary of the HTTP request differently. As a result,
          a malicious request may be embedded within another request as processed
          by the subsequent system. This allows a remote user to potentially poison
          the cache.
      * Compile with the --release parameter to preserve the compatibility
        with older JREs
    
     -- Emmanuel Bourg <email address hidden>  Tue, 03 Jul 2018 14:31:51 +0200
  • jetty9 (9.2.24-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Standards-Version updated to 4.1.4
      * Switch to debhelper level 11
      * Use salsa.debian.org Vcs-* URLs
    
     -- Emmanuel Bourg <email address hidden>  Fri, 18 May 2018 00:14:54 +0200
  • jetty9 (9.2.23-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release
      * Fixed the broken symlinks indirectly caused by the new pom patching
        sequence in maven-debian-helper 2.2.8 (Closes: #884771)
      * Added the missing dependency on lsb-base
      * Standards-Version updated to 4.1.3
    
     -- Emmanuel Bourg <email address hidden>  Fri, 05 Jan 2018 18:03:14 +0100