hsqldb (2.7.1-1+deb12u1) bookworm-security; urgency=medium * Team upload. * fix CVE-2023-1183 -- Rene Engelhard Thu, 15 Jun 2023 23:00:19 +0200 hsqldb (2.7.1-1) unstable; urgency=medium * New upstream version 2.7.1. - Fix CVE-2022-41853: Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled. (Closes: #1023573) -- Markus Koschany Sun, 04 Dec 2022 21:32:57 +0100 hsqldb (2.7.0-1) unstable; urgency=medium * New upstream version 2.7.0. * Declare compliance with Debian Policy 4.6.1. -- Markus Koschany Sat, 06 Aug 2022 12:56:15 +0200 hsqldb (2.6.1-1) unstable; urgency=medium * New upstream version 2.6.1. -- Markus Koschany Fri, 22 Oct 2021 12:46:07 +0200 hsqldb (2.6.0-1) unstable; urgency=medium * New upstream version 2.6.0. * Declare compliance with Debian Policy 4.6.0. * Compile for Java 9+. -- Markus Koschany Fri, 03 Sep 2021 23:48:05 +0200 hsqldb (2.5.1-1) unstable; urgency=medium * New upstream version 2.5.1. * Declare compliance with Debian Policy 4.5.0. * Switch to debhelper-compat = 13. -- Markus Koschany Tue, 07 Jul 2020 13:59:36 +0200 hsqldb (2.5.0-1) unstable; urgency=medium * Team upload. * New upstream release - Removed the Java 11 compatibility patch (fixed upstream) * Depend on libservlet-api-java instead of libservlet3.1-java * Removed the javadoc from the upstream tarball * Standards-Version updated to 4.4.0 -- Emmanuel Bourg Tue, 16 Jul 2019 10:55:46 +0200 hsqldb (2.4.1-2) unstable; urgency=medium * Team upload. * Fixed the build failure with Java 11 (Closes: #913052) * Replaced use-system-servlet.jar.patch with a build property * Standards-Version updated to 4.2.1 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Tue, 06 Nov 2018 23:33:09 +0100 hsqldb (2.4.1-1) unstable; urgency=medium * New upstream version 2.4.1. * Switch to compat level 11. * Declare compliance with Debian Policy 4.1.4. -- Markus Koschany Wed, 30 May 2018 21:52:55 +0200 hsqldb (2.4.0-2) unstable; urgency=medium * Upload to unstable. * Declare compliance with Debian Policy 4.0.0. -- Markus Koschany Wed, 21 Jun 2017 17:38:08 +0200 hsqldb (2.4.0-1) experimental; urgency=medium * New upstream version 2.4.0. * Switch to compat level 10. * Update pom.xml for new release. * hsqldb-utils: Require Java 8 and change build target and source version to 1.8. * Drop hsqldb-utils.menu and replace it with the recommended desktop file. * Install desktop file into hsqldb-utils package. * Update debian/copyright for new release. -- Markus Koschany Sun, 16 Apr 2017 16:11:52 +0200 hsqldb (2.3.4-1) unstable; urgency=medium * Imported Upstream version 2.3.4. * Switch from cdbs to dh sequencer. * debian/watch: version=4. * Declare compliance with Debian Policy 3.9.8. * Vcs-Git: Use https. * hsqldb-utils: Remove alternative dependency on default-jre. It is satisfied by default-jre-headless. * Update version in pom.xml. -- Markus Koschany Fri, 27 May 2016 06:36:33 +0200 hsqldb (2.3.3+dfsg2-1) unstable; urgency=medium * Imported Upstream version 2.3.3+dfsg2. * When repacking the original tarball, exclude zip files as well. * Make the build reproducible by setting timestamp and user.name to fixed values. -- Markus Koschany Thu, 29 Oct 2015 17:11:46 +0100 hsqldb (2.3.3+dfsg-1) unstable; urgency=medium * New upstream release. * Build-Depend on default-jdk and depend on default-jre-headless | default-jre where appropriate. Switch to libservlet3.1-java. Thanks to James Page for the report and patch. (Closes: #708118) * New maintainer Debian Java Team. Add myself as Uploader. (Closes: #707122) * hsqldb-utils: Fix all command line tools by providing the correct classpath. Drop querytool. It is gone. Thanks to Roland Hieber for the report and patch. (Closes: #720142) * debian/rules: Add get-orig-source target. * Use compat level 9 and require debhelper >= 9. * Add Homepage field. * Move the package to Git. * Declare compliance with Debian Policy 3.9.6. * Drop README.maintainer and README.source. We provide a get-orig-source target now which removes all pre-built jar files. * Switch to source format 3.0 (quilt). * Rebase use-system-servlet.jar.patch. * Remove auto-generated libhsqldb-java-gcj.substvar file. * Switch to copyright format 1.0. * Improve debian/watch and mangle the version correctly. * libhsqldb-java: Remove Suggests java-virtual-machine. * Remove all Conflicts, Replaces and Provides fields. These control fields are obsolete in Stretch now. * Drop libhsqldb-java-doc.links. It was not useful and the symlink pointed to the wrong directory. * Install hsqldb/doc-src/changelist_2_0.txt as upstream changelog. * Drop obsolete debian/etc directory with configuration files for the server. -- Markus Koschany Fri, 18 Sep 2015 00:21:01 +0200 hsqldb (2.2.9+dfsg-4) unstable; urgency=low * QA upload. * Bump Build-Dependency on openjdk-6-jdk to openjdk-7-jdk. (Closes: #720551) * Drop suggest on no longer existing libhsqldb-java-gcj. * Update the java-dependency for hsqldb-utils. -- Niels Thykier Mon, 04 Nov 2013 13:56:42 +0100 hsqldb (2.2.9+dfsg-3) unstable; urgency=low * upload to unstable * orphan package, set maintainer to Debian QA Group * update debian/watch * remove Conflicts: libreoffice-base; add Breaks: libreoffice-base (<< 1:4.0.2~rc2-2) instead -- Rene Engelhard Mon, 06 May 2013 23:07:59 +0200 hsqldb (2.2.9+dfsg-2) experimental; urgency=low * remove lib/servlet-api*.jar and make the build actually use /usr/share/java/servlet-api-2.5.jar... -- Rene Engelhard Mon, 18 Mar 2013 23:16:14 +0100 hsqldb (2.2.9-3) experimental; urgency=low * stop building -gcj and build using openjdk-6-jdk explicitely (this apparently doesn't build with gcj anymore) -- Rene Engelhard Mon, 07 Jan 2013 18:33:16 +0100 hsqldb (2.2.9-2) experimental; urgency=low * rename back to hsqldb and libhsqldb-java * fix servlet dependency -- Rene Engelhard Wed, 02 Jan 2013 21:37:42 +0100 hsqldb2.2 (2.2.9-1) experimental; urgency=low * New upstream release -- Rene Engelhard Wed, 22 Aug 2012 23:37:16 +0200 hsqldb2.2 (2.2.8-2) experimental; urgency=low * remove build/gradle*... (unused, and contains sourceless jar.) -- Rene Engelhard Sun, 20 May 2012 13:45:15 +0200 hsqldb2.2 (2.2.8-1) experimental; urgency=low * New upstream release * merge from libhsqldb-java 1.8.0: - add maven.publishedRules (patch by twerner, closes: #641691) - stop building -gcj - except on kfreebsd-* - fix builddep: s/default-jdk-builddep/default-jdk, gcj-native-helper/ - libhsqldb-java-gcj: libs->java - add missing run to mh_clean - build-depend on javahelper and add Class-Path: to hsqldb-1.8.0.10.jar... - stop depending on a jre on libhsqldb-java * merge from libhsqldb-java 1.8.1: * move from Breaks: to Conflicts: openoffice.org-base and also add Conflicts: libreoffice-base (comented out as different path) -- Rene Engelhard Mon, 30 Apr 2012 02:17:32 +0200 hsqldb2.0 (2.0.0-3) experimental; urgency=low * gah, I forgot the maven-repo-helper builddep -- Rene Engelhard Wed, 23 Jun 2010 09:34:43 +0200 hsqldb2.0 (2.0.0-2) experimental; urgency=low * build with libservlet2.5-java * merge POM file from 1.8.1.2 packasges (closes: #581851) -- Rene Engelhard Mon, 21 Jun 2010 19:12:14 +0200 hsqldb2.0 (2.0.0-1) experimental; urgency=low * New upstream release -- Rene Engelhard Fri, 11 Jun 2010 14:27:55 +0200 hsqldb2.0 (2.0.0~rc8-1) experimental; urgency=low * New upstream release candidate * add ${misc:Depends} for hsqldb2.0-utils -- Rene Engelhard Sat, 13 Mar 2010 17:02:56 +0100 hsqldb1.9 (1.9.0~rc6-1) experimental; urgency=low * New upstream release candidate * drop hsqldb-server for now -- Rene Engelhard Sun, 25 Oct 2009 02:20:10 +0200 hsqldb (1.8.1.1-2) experimental; urgency=low * merge 1.8.0.10-6 * add Breaks: openoffice.org-base -- Rene Engelhard Sun, 25 Oct 2009 02:19:34 +0200 hsqldb (1.8.0.10-6) unstable; urgency=low * split utilities (hsqldb-*) into hsqldb-utils to allow co-installation of libraries of different versions -- Rene Engelhard Sun, 25 Oct 2009 02:19:13 +0200 hsqldb (1.8.1.1-1) experimental; urgency=low * New upstream release -- Rene Engelhard Sat, 24 Oct 2009 14:47:46 +0200 hsqldb (1.8.0.10-5) unstable; urgency=low * add i104901.patch from OOo to fix autoincrement behaviour which otherwise can cause db corruption * bin/hsqldb: Provides: hsqldb-server, thanks lintian -- Rene Engelhard Sat, 19 Sep 2009 00:56:41 +0200 hsqldb (1.8.0.10-4) unstable; urgency=low * fix hsqldb-init-tempfile to actually be applied * readd WebServer support * use template for hsqldb.conf which has more info * add SERVER_JVMARGS=-Dhsqldb.method_class_names=\"\" to hsqldb.conf to disallow execution of Java code inside SQL per default * import default server.properties and webserver.properties and default sqltool.rc from Fedora -- Rene Engelhard Mon, 17 Aug 2009 22:33:02 +0200 hsqldb (1.8.0.10-3) unstable; urgency=medium * add patch from http://www.openoffice.org/issues/show_bug.cgi?id=103528 to fix BITXOR * build with target/source for 1.5 as default-jdk is now OpenJDK 1.6 * remove old hsqldb-server.init. Use bin/hsqldb. Add /etc/hsqldb.conf. Make it work. Finetuning probably still needed but it at least now has working (re)start/stop/status. (closes: #466421) * move libhsqldb-java to java and hsqldb-server to databases * fix doc-base section -- Rene Engelhard Mon, 17 Aug 2009 21:05:08 +0200 hsqldb (1.8.0.10-2) unstable; urgency=low * fix creation of .lock file for OOo (from OOo svn) -- Rene Engelhard Wed, 25 Feb 2009 13:44:50 +0100 hsqldb (1.8.0.10-1) unstable; urgency=low * New upstream release -- Rene Engelhard Tue, 12 Aug 2008 10:49:33 -0300 hsqldb (1.8.0.9-3) unstable; urgency=low * make myself Maintainer: and remove Peter, by Peterss request * use default-jdk-builddep (closes: #477862) -- Rene Engelhard Sun, 27 Apr 2008 00:17:18 +0200 hsqldb (1.8.0.9-2) unstable; urgency=low * upload to unstable * mention CVE-2007-4575 in previous release -- Rene Engelhard Tue, 27 Nov 2007 11:37:11 +0100 hsqldb (1.8.0.9-1) experimental; urgency=high * New upstream release - fixes CVE-2007-4575 -- Rene Engelhard Sun, 04 Nov 2007 19:20:16 +0100 hsqldb (1.8.0.8.dfsg-2) unstable; urgency=low * get regression fix from upstream * merge from Ubuntu: - build -gcj subpackage (closes: #437629) -- Rene Engelhard Sun, 04 Nov 2007 19:03:03 +0100 hsqldb (1.8.0.8.dfsg-1) unstable; urgency=high * oops, we need to remove servlet.jar from the .orig -- Rene Engelhard Mon, 24 Sep 2007 10:26:49 +0200 hsqldb (1.8.0.8-1) unstable; urgency=low * New upstream release - includes all Ooo 2.3 patches (closes: #437630) * switch to java-gcj-compat-dev as jikes can't build us anymore but ecj can * add myself to Uploaders * make hsqldb-server depend on libhsqldb-java (= ${binary:Version}) as $|Source-Version} is deprecated * Apps/Databases -> Applications/Data Management for the new menu policy -- Rene Engelhard Fri, 31 Aug 2007 11:30:39 +0200 hsqldb (1.8.0.7-3) unstable; urgency=low * Changed dependencies to libservlet2.4-java (closes: #422555) -- Peter Eisentraut Mon, 07 May 2007 16:03:36 +0200 hsqldb (1.8.0.7-2) unstable; urgency=low * Corrected URL in hsqldb-sqltool man page * Added sqltool.rc example to installation * Improved start order dependencies of init script -- Peter Eisentraut Fri, 13 Apr 2007 01:54:00 +0200 hsqldb (1.8.0.7-1) unstable; urgency=low * New upstream release * Updated watch file * Removed hsqldb-nio.patch, which is no longer needed -- Peter Eisentraut Fri, 27 Oct 2006 09:59:02 +0200 hsqldb (1.8.0.5-2) unstable; urgency=low * Fixed dependency information in init script LSB header -- Peter Eisentraut Wed, 13 Sep 2006 19:18:37 +0200 hsqldb (1.8.0.5-1) experimental; urgency=low * New upstream release * Fixed Build-Depends vs. Build-Depends-Indep * Updated standards version * debian/rules simplifications facilitated by newer cdbs * Removed outdated OpenOffice patches * Create /var/run/hsqldb in the init script rather than in the package * Changed to Debhelper level 5 * Fixed su invocation in init script -- Peter Eisentraut Thu, 31 Aug 2006 12:57:30 +0200 hsqldb (1.8.0.2-2) unstable; urgency=low * Added hsqldbutil.jar to re-add Transfer and QueryTool tools, which were removed from the main jar (closes: #341427) * Do not allow tools to create prefs file automatically -- Peter Eisentraut Sun, 11 Dec 2005 14:43:02 +0100 hsqldb (1.8.0.2-1) unstable; urgency=low * New upstream release * Updated hsqldb-gcj-access-problems.patch for new release * Changed watch file to version 3 format * Added dependency on adduser * Changed init script to LSB style * Changed build dependency to ant -- Peter Eisentraut Sat, 24 Sep 2005 23:07:44 +0200 hsqldb (1.8.0.0-2) experimental; urgency=low * Moved java-virtual-machine to a suggestion (closes: #316986) * Made hsqldb-server depend on the library of the same version (closes: #316987) * Applied bug fix patch from OOo2 (hsqldb-ooo2.patch) (closes: #316937) * Applied patch by Rene Engelhard to work with GCJ in OOo2 (hsqldb-gcj-access-problems.patch) (closes: #316937) * Now using simple-patchsys.mk for patches -- Peter Eisentraut Mon, 11 Jul 2005 22:40:39 +0200 hsqldb (1.8.0.0-1) experimental; urgency=low * New upstream release * Updated standards version -- Peter Eisentraut Mon, 4 Jul 2005 18:03:23 +0200 hsqldb (1.7.3.3-3) unstable; urgency=low * Changed maintainer address * Added server mode -- Peter Eisentraut Thu, 9 Jun 2005 16:02:21 +0200 hsqldb (1.7.3.3-2) experimental; urgency=low * Disabled use of NIO locking (doesn't work with kaffe) * Changed run-time dependencies to kaffe * Moved to main * Added PostgreSQL and MySQL JDBC drivers to classpath of GUI applications -- Peter Eisentraut Fri, 6 May 2005 13:22:03 +0200 hsqldb (1.7.3.3-1) experimental; urgency=low * New upstream release -- Peter Eisentraut Wed, 30 Mar 2005 10:39:03 +0200 hsqldb (1.7.3.2-1) experimental; urgency=low * Initial release (closes: #121613) -- Peter Eisentraut Sun, 6 Feb 2005 13:05:40 +0100