jackrabbit (2.10.1-1) unstable; urgency=high
* Team upload.
* Imported Upstream version 2.10.1.
- Fix CVE-2015-1833 (Closes: #787316)
When processing a WebDAV request body containing XML, the XML parser can
be instructed to read content from network resources accessible to the
host, identified by URI schemes such as "http(s)" or "file". Depending on
the WebDAV request, this can not only be used to trigger internal network
requests, but might also be used to insert said content into the request,
potentially exposing it to the attacker and others.
* Update watch file and track upstream's stable releases.
* Update get-orig-source-target. Download the current version.
* Drop orig-tar.sh script. We use upstream's tarballs now.
* Repack the orig tarball. Change compression from zip to tar.xz.
* Remove maven.publishedRules. It is not needed.
* Use compat level 9 and require debhelper >= 9.
* Declare compliance with Debian Policy 3.9.6.
* Use canonical Vcs fields.
* wrap-and-sort -sa.
* Drop modules.diff because we disable all modules except webdav in
libjackrabbit.poms already.
* Fix Format field. Add myself to debian/ copyright holders.
* Use Files-Excluded mechanism to remove binary files.
* Fix lintian warnings dep5-copyright-license-name-not-unique
and comma-separated-files-in-dep5-copyright.
* Drop build-classpath and fix Lintian warning about missing classpath for
dependencies.
* Use maven-debian-helper and Maven as build system. Drop all ant
build-dependencies.
* Add libmaven-bundle-plugin-java to Build-Depends.
* Add maven.properties file and drop build.properties.
* Drop maven.cleanIgnoreRules. It is unused.
-- Markus Koschany <email address hidden> Sun, 21 Jun 2015 18:35:47 +0200
