tomcat-native (1.1.32~repack-2+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the LTS. * Fix CVE-2017-15698: When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. -- Markus Koschany Sun, 11 Feb 2018 21:01:06 +0100 tomcat-native (1.1.32~repack-2) unstable; urgency=medium * Team upload. * Fixed the patch disabling the deprecated SSL protocols (Closes: #780447) -- Emmanuel Bourg Sat, 14 Mar 2015 22:18:29 +0100 tomcat-native (1.1.32~repack-1) unstable; urgency=medium * Team upload. * New upstream release * Disabled SSLv3 support * Standards-Version updated to 3.9.6 (no changes) -- Emmanuel Bourg Wed, 03 Dec 2014 22:47:37 +0100 tomcat-native (1.1.31-1) unstable; urgency=medium * Team upload. * New upstream release * Capitalized the 'Apache Portable Runtime' in the package description [ tony mancill ] * Moved the package to Git -- Emmanuel Bourg Wed, 30 Jul 2014 00:33:44 +0200 tomcat-native (1.1.30-1) unstable; urgency=medium * Team upload. * New upstream release * Refreshed drop_sslv2_support.diff * Updated README.Debian for Tomcat 8 -- Emmanuel Bourg Tue, 03 Jun 2014 15:35:20 +0200 tomcat-native (1.1.29-1) unstable; urgency=low * Team upload. [ Gianfranco Costamagna ] * New upstream release [ tony mancill ] * Bump Standards-Version to 3.9.5. -- tony mancill Tue, 24 Dec 2013 14:54:00 -0800 tomcat-native (1.1.27-1) unstable; urgency=low * New upstream release. * Merge Gianfranco Costamagna work: - d/control: Bump Standards-Version to 3.9.4. - d/{control,compat}: Bump debhelper to 9. * d/control: Update Vcs-* fields with canonical URL. * d/copyright: Fix small issue in DEP-5 format. * Switch to dh7: - d/rules: Upgrade to dh call - d/control: Drop B-D on cdbs. * Install in Multi-Arch location: - d/control: Add Pre-Depends and Multi-Arch fields -- Damien Raude-Morvan Mon, 12 Aug 2013 16:11:30 +0200 tomcat-native (1.1.24-1) unstable; urgency=low * Team upload. * New upstream release (closes: #685516) * Update README.Debian to include reference to tomcat7. -- tony mancill Sat, 25 Aug 2012 03:55:06 +0000 tomcat-native (1.1.23-1) unstable; urgency=low [ tony mancill ] * Team upload. * Remove Michael Koch from Uploaders (Closes: #654135) [ Damien Raude-Morvan ] * New upstream release. * d/control: Build-Depends on dpkg-dev (>= 1.16.1~) for hardening flags * d/rules: Enable hardening build. * d/copyright: Use copyright-format 1.0. * d/control: Bump Standards-Version to 3.9.3: no changes needed. -- Damien Raude-Morvan Fri, 02 Mar 2012 19:51:58 +0100 tomcat-native (1.1.22-1) unstable; urgency=low * New upstream release: - Update d/patches/drop_sslv2_support.diff patch. -- Damien Raude-Morvan Fri, 12 Aug 2011 20:02:57 +0200 tomcat-native (1.1.20-3) unstable; urgency=low * Switch to 3.0 quilt source format. * d/patches/drop_sslv2_support.diff: Drop support for SSLv2 (Closes: #622141). * d/copyright: Update to DEP-5 format. -- Damien Raude-Morvan Sun, 10 Jul 2011 23:42:01 +0200 tomcat-native (1.1.20-2) unstable; urgency=low * Team upload. * Remove *.la (Closes: #621279) * Bump Standards-Version to 3.9.2 (no changes needed) -- tony mancill Sat, 09 Apr 2011 10:57:15 -0700 tomcat-native (1.1.20-1) unstable; urgency=low * New upstream release: - Prevent crashing JVM on shutdown. * Bump Standards-Version to 3.8.4 (no changes needed) -- Damien Raude-Morvan Sat, 20 Feb 2010 22:50:34 +0100 tomcat-native (1.1.19-1) unstable; urgency=low * New upstream release. - minor versioning fix - allows building against OpenSSL 1.0 * Add a README.Debian to help users to setup Tomcat 6.x with Tomcat Native Library -- Damien Raude-Morvan Sun, 17 Jan 2010 01:27:46 +0100 tomcat-native (1.1.18-1) unstable; urgency=high * New upstream release. - Fix CVE-2009-3555 SSL-Man-In-The-Middle attack - set urgency=high to get security fix in testing -- Damien Raude-Morvan Tue, 24 Nov 2009 01:46:20 +0100 tomcat-native (1.1.17-1) unstable; urgency=low * New upstream release. * debian/control: - Update my email address - Bump Standards-Version to 3.8.3 (no changes needed) - Bump debhelper version to >= 7 - Update upstream Homepage field - Use default-jdk instead of default-jdk-builddep as there is no native (-gcj) package build. * debian/copyright: - Update upstream copyright years - Add myself as debian/* copyright holder * debian/libtcnative-1.lintian-overrides: - Change to be version agnostic -- Damien Raude-Morvan Sat, 07 Nov 2009 21:41:36 +0100 tomcat-native (1.1.16-1) unstable; urgency=low * New upstream release (Closes: #514500) - Fix IPv6 issues (Closes: #517163, #521306) * debian/control: - Move libtcnative-1 to "java" section - Add myself to Uploaders - Bump Standards-Version to 3.8.1 (no changes needed) * debian/watch: Update to new upstream location * debian/rules: Provide a "get-orig-source" target using uscan * debian/control: Build-Depends on default-jdk-builddep * debian/rules: use JAVA_HOME=/usr/lib/jvm/default-java * Remove debian/libtcnative-1.install and use dh_lintian to install debian/libtcnative-1.lintian-overrides -- Damien Raude-Morvan Sun, 29 Mar 2009 15:40:58 +0200 tomcat-native (1.1.13-1) unstable; urgency=low * Initial release. Closes: #485037. -- Michael Koch Sat, 07 Jun 2008 15:16:14 +0200