batik (1.12-4+deb11u2) bullseye; urgency=medium * Team upload. * Fixing CVE-2022-44729 and CVE-2022-44730 -- Pierre Gruet Fri, 25 Aug 2023 11:07:07 +0200 batik (1.12-4+deb11u1) bullseye-security; urgency=high * Team upload. * Fix CVE-2022-41704 and CVE-2022-42890: It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. -- Markus Koschany Sat, 29 Oct 2022 16:22:11 +0200 batik (1.12-4) unstable; urgency=medium * Team upload. * Add manifest for batik-i18n. * Mark in batik-css manifest it requires batik-i18n. -- Sudip Mukherjee Wed, 23 Sep 2020 11:46:22 +0100 batik (1.12-3) unstable; urgency=medium * Team upload. * Update version of Require-Bundle in d/manifest. -- Sudip Mukherjee Sat, 05 Sep 2020 23:45:45 +0100 batik (1.12-2) unstable; urgency=medium * Team upload. * Use debhelper-compat. - Update compat level to 13. * Update version in d/manifest. * Use java helper to generate MANIFEST.MF from d/manifest. - MANIFEST file in generate jars missed Bundle information. * Update Standards-Version to 4.5.0 -- Sudip Mukherjee Fri, 04 Sep 2020 19:00:07 +0100 batik (1.12-1.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2019-17566: Server-side request forgery via xlink:href attributes. -- Emilio Pozuelo Monfort Fri, 10 Jul 2020 18:23:19 +0200 batik (1.12-1) unstable; urgency=medium * Team upload. * New upstream 1.12 -- Mathieu Malaterre Sun, 16 Feb 2020 21:16:51 +0100 batik (1.10-2) unstable; urgency=medium * Team upload. * Fixed the build failure with Java 11 (Closes: #913050) * Tightened the version of maven-debian-helper required to build batik (Closes: #902532) * Standards-Version updated to 4.2.1 * Use salsa.debian.org Vcs-* URLs -- Emmanuel Bourg Thu, 20 Dec 2018 00:28:22 +0100 batik (1.10-1) unstable; urgency=medium * Team upload. * New upstream version 1.10. - squiggle works as expected again after updating the policy patch. (Closes: #884481) - Fix CVE-2018-8013: information disclosure vulnerability. (Closes: #899374) * Drop 07_optional_rhino_and_jython_dependencies.patch. Applied upstream. * Remove repack scripts and use Files-Excluded mechanism instead. * Update the watch file. Use Files-Excluded. * Ignore jython artifact and add no-Jython-support.patch. Jython as a scripting language for Batik is no longer supported because the dependency complicates transitions. (Closes: #884536) * Ignore batik-test-old module. -- Markus Koschany Fri, 25 May 2018 13:53:34 +0200 batik (1.9-3) unstable; urgency=medium * Team upload. * Made the rhino and jython dependencies optional (Closes: #875322) * Removed the unused dependencies on libbsf-java, libcommons-io-java and libcommons-logging-java * Build with Maven instead of Ant * Build with the DH sequencer instead of CDBS * Standards-Version updated to 4.1.1 * Switch to debhelper level 10 -- Emmanuel Bourg Mon, 02 Oct 2017 16:55:14 +0200 batik (1.9-2) unstable; urgency=medium * Fix "batik-1.9 causes FTBFS for freeplane due to changed artifacts/poms" Upstream poms assume maven build. Ant build bundles contents of batik-i18n.jar and batik-constants.jar into batik-util.jar. Use debian/maven.rules to adjust for this. (Closes: #875322) -- Christopher Hoskin Wed, 13 Sep 2017 07:57:01 +0100 batik (1.9-1) unstable; urgency=medium * Team upload. * Moved the package to Git * Updated signing keys from https://www.apache.org/dist/xmlgraphics/batik/KEYS * Exclude jar files from documentation-sources * Add repack script to remove non-free ICC profiles * New upstream (1.9) + Fix "CVE-2017-5662: information disclosure vulnerability" Upstream claim BATIK-1139 is fixed in 1.9 (Closes: #860566) * Disable old patches, pending further investigation * Get package building again + maven-artifacts is no longer a target, explicitly add jars to DEB_ANT_BUILD_TARGET + Add debian/debian/libbatik-java.poms, call mh_install to install jars and poms, for closer alignment to other pkg-java packages * Fix spellings in debian/manpages/rasterizer.1 * Remove redundant remove-js.patch * Fix "batik is crashing (libbatik-java)" by patching build.xml to specify classpaths as appropriate for Debian (Closes: #605063) * Update Standards-Version from 3.9.8 to 4.0.0 (no change required) * Update 06_fix_paths_in_policy_files.patch * Remove bug805469.patch (fixed upstream http://svn.apache.org/viewvc?view=revision&revision=1687506) * Update debian/copyright * Remove unnecessary greater-than versioned dependencies from debian/control -- Christopher Hoskin Mon, 04 Sep 2017 06:57:58 +0100 batik (1.8-4) unstable; urgency=medium [ Jakub Adam ] * Team upload. * Fix versioned OSGi dependencies. * Fix repeating Breaks: in d/control. [ Mathieu Malaterre ] * Team upload. * Fix squiggle script crashes with a NoClassDefFoundError. Closes: #824113 * Fix FOUserAgent - SVG graphic could not be built. Closes: #805469 * Bump Std-Vers to 3.9.8, no changes needed -- Mathieu Malaterre Fri, 07 Oct 2016 09:23:44 +0200 batik (1.8-3) unstable; urgency=medium [ Mathieu Malaterre ] * Team upload. * Fix compatibility issue. Closes: 794214 [ Emmanuel Bourg ] * Removed the unused dependency on libavalon-framework-java -- Mathieu Malaterre Sat, 12 Sep 2015 22:24:50 +0200 batik (1.8-2) experimental; urgency=medium * Team upload. * Fix truncated patch: d/p/06_fix_paths_in_policy_files.patch * Fix broken symlinks (Thanks to Jérôme Robert/debian-java) -- Mathieu Malaterre Thu, 16 Jul 2015 21:22:08 +0200 batik (1.8-1) experimental; urgency=medium * Team upload. * New upstream. Closes: #792175 * Refreshed patches, remove one applied upstream. * Prefer File-Excluded: syntax over new-upstream script -- Mathieu Malaterre Sun, 12 Jul 2015 15:04:43 +0200 batik (1.7+dfsg-5) unstable; urgency=medium [ tony mancill ] * Team upload. * Update homepage URL to https://xmlgraphics.apache.org/batik/ in debian/control and debian/copyright. (Closes: #771539) * Add debian/patches/cve_2015_0250.patch to disable external XML entity resolution (information disclosure). This addresses CVE-2015-0250. (Closes: #780897) [ Emmanuel Bourg ] * Replaced the Build-Id in the manifests with a constant value to make the build reproducible. -- tony mancill Sat, 21 Mar 2015 15:24:17 -0700 batik (1.7+dfsg-4) unstable; urgency=low * Team upload. [ Jakub Adam ] * Add OSGi metadata to JAR manifests. [ Markus Koschany ] * debian/rules: Set JAVA_HOME_DIRS to /usr/lib/jvm/default-java, build-depend on default-jdk and not on openjdk6-jdk | openjdk-7-jdk anymore. Fixes FTBFS with pbuilder-satisfydepends-classic. (Closes: #725461) * Bump Standards-Version to 3.9.4, no changes. * Bump compat level to 9 and require debhelper >= 9. * Use canonical VCS-URI. * Remove Michael Koch from Uploaders. (Closes: #653996) * libatik-java: Drop all jre/jdk dependencies. Recommend default-jre instead. * Run wrap-and-sort -sa * Add DEP-3 header to all patches. -- Markus Koschany Mon, 14 Oct 2013 12:49:09 +0200 batik (1.7+dfsg-3) unstable; urgency=low * Team upload. * Fix too strict Java JRE dependency. (Closes: #678612) -- Niels Thykier Sat, 23 Jun 2012 15:04:32 +0200 batik (1.7+dfsg-2) unstable; urgency=low * Team upload. * Allow OpenJDK-7 as alternative to OpenJDK-6. * Remove old references to sun-java. * Add missing call to mh_clean in the clean rule. * Fix typo in manpage. -- Niels Thykier Tue, 19 Jun 2012 12:57:28 +0200 batik (1.7+dfsg-1) unstable; urgency=low * Provide a repackaged tarball stripping all binary jars (closes: #657244) - updated debian/new-upstream as a consequence * Disable the installation of batik-js.jar, that wasn't built from sources (it was a subset of rhino's js.jar) * Conforms to standards 3.9.3 * Modernize a bit debian/copyright -- Vincent Fourmond Mon, 12 Mar 2012 20:53:43 +0100 batik (1.7-8) unstable; urgency=low * Fix FTBS with recent openjdk (closes: #643508) * Bump to newer standards version, no changes required -- Vincent Fourmond Thu, 29 Sep 2011 21:35:31 +0200 batik (1.7-7) unstable; urgency=low * Re-enable all patches that had mistakenly been disabled by switching to source format 3.0 (quilt) (closes: #604871) * Already conforms to standards 3.9.1 -- Vincent Fourmond Thu, 25 Nov 2010 16:24:33 +0100 batik (1.7-6) unstable; urgency=low [ Vincent Fourmond ] * Really fix the dependency on java runtime to only pull headless runtimes [ Gabriele Giacone ] * Added Maven support * Standards-Version to 3.8.4 * Source format 3.0 (quilt) -- Gabriele Giacone <1o5g4r8o@gmail.com> Sun, 21 Feb 2010 19:02:10 +0100 batik (1.7-5) unstable; urgency=low * Dropped the dependency on openjdk-6-jre, in profit for openjdk-6-jre-headless, so we won't pull the whole Gtk libraries just for using fop (closes: #551545). * Already conforms to standards 3.8.3 * Removing Arnaud Vandyck from Uploaders as he did retire. Many thanks for your work on batik ! -- Vincent Fourmond Mon, 25 Jan 2010 21:58:59 +0100 batik (1.7-4) unstable; urgency=low * Porting fixes from Ubuntu (1.7.dfsg-0ubuntu3) by Onkar Shinde : - add xml-apis-ext and js to classpath for debian/wrappers/squiggle - promote rhino to a Recommends, as squiggle depends on it - debian/patches/06_fix_paths_in_policy_files.patch to fix the paths of the security policy files * This finally makes squiggle work for Debian ! (closes: #499852) Many thanks again to Onkar... -- Vincent Fourmond Mon, 20 Apr 2009 21:22:26 +0200 batik (1.7-3) unstable; urgency=low [ Onkar Shinde ] * debian/rules - Use DEB_UPSTREAM_VERSION at all places. - Add symlinks batik-.jar and batik.jar pointing to batik-all-.jar. (Closes: #522340) * debian/control - Add myself to 'Uploaders'. [ Vincent Fourmond ] * Changed section to java, what currently is in the archive * Already conforms to standard 3.8.1 * Bumped debhelper compatibility level to 5, and bumped Build-depends accordingly -- Vincent Fourmond Mon, 13 Apr 2009 20:42:00 +0200 batik (1.7-2) unstable; urgency=low * Adding xmlgraphics-commons-1.2 and xml-apis-ext to the jars for the build + corresponding build-deps * Added Vcs-* fields [ Sylvestre Ledru ] * Build class version 49 (instead of 50) [ Vincent Fourmond ] * Minor updates to the debian/copyright file * It seems time has come for an upload to unstable... * Adding ${misc:Depends} for potential debhelper-induced dependencies * Tweaking rasterizer.1 to avoid unbreakable lines -- Vincent Fourmond Wed, 18 Feb 2009 22:58:36 +0100 batik (1.7-1) experimental; urgency=low * New upstream release (Closes: #417888, #490556) * Switched to using java-wrappers for executables; dropping the /usr/lib/java/wrappers.sh script * Switched debian/copyright to a machine-readable format * Added ANT_OPTS to fix the compiler out of memory problem * Removing 02_fix_jar_target, no longer applicable * Removing 01_build_xml, as the created target (pdf-transcoder) cannot be built anymore * Fixed JAVA_HOME_DIRS so it can build with Sun's java 5 * Strip the full text of the Apache-2.0 license, as it now is in the common licenses * Switch to openjdk-6-jdk for building (closes: #397562) * Several tweaks in debian/rules to build and install all the jars, based on a patch by Sylvestre Ledru * Now depends also on libxml-commons-external-java for SVG parsing * Conforms to standards 3.8.0 * Updated rasterizer.sh to work with libxml-commons-external-java and openjdk (closes: #490621) * Move wrapper scripts to debian/wrappers, updating debian/rules accordingly * Recommend fop for PDF output of rasterizer * Removed README.Debian-source: we don't add the fop sources anymore as those are already packaged in the fop debian package * Uploading to experimental, as there are potentially much too many disruptive changes to this package. -- Vincent Fourmond Wed, 17 Sep 2008 20:14:33 +0200 batik (1.6-4) unstable; urgency=low [ Mark Howard ] * debian/watch: added. [ Vincent Fourmond ] * Created a /usr/lib/java/wrappers.sh for the various programs provided by libbatik-java, to make them work in more various environments. * Manual pages for svgpp, rasterizer, squiggle and ttf2svg (Closes: #458021) * rasterizer now launches by default with -scriptSecurityOff so it works again (Closes: #413103). Added an option to turn security back on. * Comply with policy 3.7.3 * Changed build-deps to sun-j2sdk1.4, to reflect the current make-jpkg output. -- Vincent Fourmond Thu, 03 Jan 2008 01:20:15 +0100 batik (1.6-3) unstable; urgency=low * Add wrapper scripts (rasterizer.sh squiggle.sh svgpp.sh ttf2svg.sh) to start batik applications. Install them without the .sh prefix in /usr/bin/. (Closes: #152180) * Removed build dependency on libgnujaxp-java (Closes: #385293). * Build-Depends on debhelper and cdbs (instead of Build-Depends-Indep). * Build-Depends-Indep on java-gcj-compat-dev. * Updated Standards-Version to 3.7.2. * Added myself to Uploaders. -- Michael Koch Mon, 18 Sep 2006 21:11:49 +0000 batik (1.6-2) unstable; urgency=low * Re-Introduce lost link batik.jar and add 02_fix_jar_target.patch to fix library content (closes: #334878) * Thighten depends on avalon-framework (closes: #335883) * Corrected README.Debian -- Wolfgang Baer Thu, 20 Oct 2005 17:17:28 +0200 batik (1.6-1) unstable; urgency=low * New upstream release + Updated copyright to Apache 2.0 License * libant1.6-java to ant transition * Use JAVA_HOME dirs as generated by java-package (closes: #306639) * Include, build and ship the pdf-transcoder from fop CVS (closes: #327354) + See README.Debian-source for details about the transcoder source + Added build-deps and depends on libavalon-framework-java, libcommons-io-java and libcommons-logging-java for the pdf-transcoder + Patched build.xml to call the pdf-transcoder build target * Removed Ola and Stephan from uploaders * Extended description a little bit * Standards-Version 3.6.2 (no changes) -- Wolfgang Baer Mon, 3 Oct 2005 19:29:22 +0200 batik (1.5.1-1) unstable; urgency=low * New upstream release - security fix [CAN-2005-0508] (closes: #288009) * Added rhino as build dependency * Added rhino to Suggests * Switched to jdk modern compiler because jikes fails * Updated README.Debian explaining why built with non-free jdk * Updated standards version to 3.6.1 - no changes * avdyk: I added Wolfgang to the uploaders -- Wolfgang Baer Sun, 6 Mar 2005 20:30:08 +0100 batik (1.5final-3) unstable; urgency=low * expand SVG in description (closes: #173105). -- Arnaud Vandyck Thu, 12 Feb 2004 16:30:26 +0100 batik (1.5final-2) unstable; urgency=low * added the dependency and the path to j2sdk1.3 to build batik (closes: #192539). You got to know that I have not been able to build batik with j2sdk1.3. I've been obliged to build it with IBMJDK1.4.1. * added gnujaxp as a dependency and in the classpath (closes: #192542) -- Arnaud Vandyck Thu, 12 Feb 2004 14:54:05 +0100 batik (1.5final-1) unstable; urgency=low * New upstream release * Build system is now CDBS * Added build-dependencies libxalan2-java and libbsf-java * Changed Stefan Gybas email * j2sdk to build and j2re to run because of swing * Debian Java Maintainers is now the new maintainer, added Ola Lundqvist , Takashi Okamoto , Stefan Gybas , Arnaud Vandyck as uploaders -- Arnaud Vandyck Sat, 25 Oct 2003 15:14:49 +0200 batik (1.5beta2-4) unstable; urgency=low * Renamed the batik jar file, closes: #171327. -- Ola Lundqvist Mon, 2 Dec 2002 08:51:17 +0100 batik (1.5beta2-3) unstable; urgency=low * Jars in /usr/share/java not in /usr/share/java/lib, closes: #170791. -- Ola Lundqvist Wed, 27 Nov 2002 09:00:31 +0100 batik (1.5beta2-2) unstable; urgency=low * New maintainer. * Fixed dependencies, closes: #158221. * Fixed build problem. * Added two other people as co-maintainers. * Fixed so that building wont take that long time if -nc option is used. * Now can use kaffe instead of j2sdk. Workaround for a bug in kaffe. On the other hand it seems not like the classic compiler so I still have to set that damn JAVA_HOME to the j2sdk... -- Ola Lundqvist Thu, 21 Nov 2002 08:24:39 +0100 batik (1.5beta2-1) unstable; urgency=low * Initial Upload (Closes: #149676) -- Jeff Bailey Tue, 11 Jun 2002 10:52:34 -0400