lucene-solr (3.6.2.1+dfsg-0.1+dde) unstable; urgency=medium

  [ qinxialei ]
  * Non-maintainer upload.
  * Rebuild

  [ Debian Java Maintainers ]
  * update

 -- Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>  Tue, 22 Jun 2021 17:37:49 +0800

lucene-solr (3.6.2+dfsg-20+deb10u2) buster; urgency=medium

  * Team upload.
  * Fix CVE-2019-0193:
    The DataImportHandler, an optional but popular module to pull in data from
    databases and other sources, has a feature in which the whole DIH
    configuration can come from a request's "dataConfig" parameter. The debug
    mode of the DIH admin screen uses this to allow convenient debugging /
    development of a DIH config. Since a DIH config can contain scripts, this
    parameter is a security risk. Starting from now on, use of this parameter
    requires setting the Java System property "enable.dih.dataConfigParam" to
    true. For example this can be achieved with solr-tomcat by adding
    -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9.

 -- Markus Koschany <apo@debian.org>  Sun, 16 Aug 2020 15:56:26 +0200

lucene-solr (3.6.2+dfsg-20+deb10u1) buster; urgency=medium

  * Team upload.
  * Disable obsolete call to ContextHandler in solr-jetty9.xml.
    Install solr-permissions.conf into /etc/systemd/system/jetty9.service.d/ and
    override read-only permissions of Jetty9 which will allow the service to
    start out-of-the-box again.
    Thanks to Stephan Beirer for the report. (Closes: #933854, #933857)

 -- Markus Koschany <apo@debian.org>  Wed, 04 Sep 2019 22:30:29 +0200

lucene-solr (3.6.2+dfsg-20) unstable; urgency=medium

  * Team upload.
  * Remove now obsolete solr-permissions.conf in /etc/systemd/system/tomcat9.d/.

 -- Markus Koschany <apo@debian.org>  Thu, 25 Apr 2019 16:39:14 +0200

lucene-solr (3.6.2+dfsg-19) unstable; urgency=medium

  * Team upload.
  * Install solr-permissions.conf into the correct directory.

 -- Markus Koschany <apo@debian.org>  Fri, 19 Apr 2019 00:39:36 +0200

lucene-solr (3.6.2+dfsg-18) unstable; urgency=medium

  * Team upload.
  * Add solr-permissions.conf and override tomcat9 permissions to allow
    solr-tomcat read-write access to /var/lib/solr. (Closes: #919638)

 -- Markus Koschany <apo@debian.org>  Sat, 02 Mar 2019 23:02:16 +0100

lucene-solr (3.6.2+dfsg-17) unstable; urgency=medium

  * Team upload.
  * Do not build the lucene3 javadocs anymore. Very low popcon and build
    failures. (Closes: #917739)
  * Remove TODO.Debian.
  * Add web.xml.patch and use a correct DTD schema otherwise jasper will abort
    the build process.
  * Remove el-api.jar from the classpath to avoid a conflict with jasper-el.
  * Execute postrm commands in solr-jetty and solr-tomcat on purge too.
    (Closes: #914223)

 -- Markus Koschany <apo@debian.org>  Fri, 15 Feb 2019 11:21:49 +0100

lucene-solr (3.6.2+dfsg-16) unstable; urgency=medium

  * Team upload.
  * Transition to Tomcat 9
  * Fixed the compatibility with Jetty 9.4
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 10 Dec 2018 22:59:36 +0100

lucene-solr (3.6.2+dfsg-15) unstable; urgency=medium

  * Team upload.
  * Switch from libmysql-java to libmariadb-java.

 -- Markus Koschany <apo@debian.org>  Fri, 09 Nov 2018 17:23:59 +0100

lucene-solr (3.6.2+dfsg-14) unstable; urgency=medium

  * Team upload.
  * debian/build-jars: Fix broken links to woodstox-core.jar. The jar files
    were renamed.  (Closes: #906384). This also addresses the runtime error.
    solr-tomcat works as expected again. (Closes: #904063)
  * Disable the tests and work around a FTBFS. Ideally this should been
    investigated and fixed eventually.

 -- Markus Koschany <apo@debian.org>  Sat, 25 Aug 2018 23:23:24 +0200

lucene-solr (3.6.2+dfsg-13) unstable; urgency=medium

  * Team upload.
  * Symlink /etc/solr/solr-jetty.xml to /var/lib/jetty9/webapps/solr.xml
    to make solr-jetty work out-of-the-box.
    Thanks to Larocque for the report. (Closes: #886090)

 -- Markus Koschany <apo@debian.org>  Sun, 06 May 2018 20:51:06 +0200

lucene-solr (3.6.2+dfsg-12) unstable; urgency=high

  * Team upload.
  * Fix FTBFS with Ant 1.10. (Closes: #895797)
  * Fix CVE-2018-1308. (Closes: #896604)
  * Declare compliance with Debian Policy 4.1.4.

 -- Markus Koschany <apo@debian.org>  Tue, 01 May 2018 23:35:41 +0200

lucene-solr (3.6.2+dfsg-11) unstable; urgency=medium

  * Team upload.
  * Switch to compat level 11.
  * Declare compliance with Debian Policy 4.1.3.
  * Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For
    security reasons the RunExecutableListener class was permanently removed.
  * Fix CVE-2017-3163: path traversal vulnerability. (Closes: #867712)

 -- Markus Koschany <apo@debian.org>  Sun, 14 Jan 2018 14:32:32 +0100

lucene-solr (3.6.2+dfsg-10) unstable; urgency=medium

  * Team upload.
  * Remove obsolete Resources className directive as it does not work with
    Tomcat8. Thanks to Matthias Liertzer for the report. (Closes: #856626)

 -- Markus Koschany <apo@debian.org>  Thu, 30 Mar 2017 20:24:00 +0200

lucene-solr (3.6.2+dfsg-9) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * Switched the dependencies to tomcat8, libservlet3.1-java and jetty9
  * Standards-Version updated to 3.9.8
  * Use a secure Vcs-* URL
  * Fixed the watch file

  [ tony mancill ]
  * Add Dutch translation of debconf messages. (Closes: #835136)
    Thank you to Frans Spiesschaert for the translation.

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 24 Oct 2016 17:10:19 +0200

lucene-solr (3.6.2+dfsg-8) unstable; urgency=medium

  * Team upload.
  * Transition to bnd 2.1.0.
  * Fix Lintian warning empty-short-license-in-dep5-copyright.
  * Fix Lintian warnings command-with-path-in-maintainer-script.
  * Vcs-Browser: Use https.

 -- Markus Koschany <apo@debian.org>  Thu, 19 Nov 2015 22:13:50 +0100

lucene-solr (3.6.2+dfsg-7) unstable; urgency=medium

  * Add OSGi metadata to JAR manifests
  * Add Jakub Adam to Uploaders
  * Update file paths in d/copyright

 -- Jakub Adam <jakub.adam@ktknet.cz>  Mon, 03 Aug 2015 15:49:56 +0200

lucene-solr (3.6.2+dfsg-6) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * Removed the dependency on libgeronimo-stax-1.2-spec-java
  * Fixed a test failure with commons-codec 1.10
  * Fixed a test failure with Java 8 (Closes: #760927)
  * Use XZ compression for the upstream tarball
  * debian/watch: No longer use the defunct githubredir.debian.net redirector

  [ Victor Seva ]
  * solr-tomcat: allow tomcat7-user as depends (Closes: #606138)

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 13 Jul 2015 14:45:06 +0200

lucene-solr (3.6.2+dfsg-5) unstable; urgency=medium

  * Team upload.
  * Fixed the deployment with Jetty 8 (Closes: #752547, #767525)
  * Enable the symbolic links with Jetty (Closes: #701876)
  * Fixed the path to dpkg-statoverride in solr-jetty.postrm (Closes: #767519)

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 31 Oct 2014 19:28:25 +0100

lucene-solr (3.6.2+dfsg-4) unstable; urgency=medium

  * Team upload.
  * Switched the dependencies to tomcat7, libservlet3.0-java and jetty8
  * Fixed a format issue with CVE-2013-6397.patch
  * Standards-Version updated to 3.9.6 (no changes)

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 06 Oct 2014 15:47:56 +0200

lucene-solr (3.6.2+dfsg-3) unstable; urgency=medium

  * Team upload.
  * Add tomcat-coyote to debian/build-jars to address FTBFS.
    (Closes: #749364)
  * Update Vcs- URLs in debian/control.
  * Use debhelper 9.
  * Bump Standards-Version to 3.9.5.

 -- tony mancill <tmancill@debian.org>  Tue, 10 Jun 2014 22:29:19 -0700

lucene-solr (3.6.2+dfsg-2) unstable; urgency=low

  * Fixes for new security vulnerabilities (Closes: #731113):
    - debian/patches/CVE-2013-6397.patch:
      Fix DocumentAnalysisRequestHandler to correctly use
      EmptyEntityResolver to prevent loading of external entities like
      UpdateRequestHandler does.
      CVE-2013-6397
    - debian/patches/CVE-2013-6407_CVE-2013-6408.patch:
      XML and XSLT UpdateRequestHandler should not try to
      resolve external entities. This improves speed of loading e.g.
      XSL-transformed XHTML documents.
      CVE-2013-6407
      Fix XML parsing in XPathEntityProcessor to correctly
      expand named entities, but ignore external entities.
      CVE-2013-6408

 -- James Page <james.page@ubuntu.com>  Sat, 14 Dec 2013 22:07:54 +0000

lucene-solr (3.6.2+dfsg-1) unstable; urgency=low

  * Upload to unstable.

 -- James Page <james.page@ubuntu.com>  Thu, 16 May 2013 10:45:27 +0100

lucene-solr (3.6.2+dfsg-1~exp1) experimental; urgency=low

  [ tony mancill ]
  * solr-jetty: correct symlink to solr in /var/lib/jetty/webapps/
    (Closes: #696347)

  [ James Page ]
  * New upstream release.
  * d/copyright: Removed surplus GPL-2 paragraph.
  * d/control: Tidied short descriptions.

 -- James Page <james.page@ubuntu.com>  Mon, 07 Jan 2013 14:23:47 +0000

lucene-solr (3.6.1+dfsg-1) experimental; urgency=low

  * New upstream release.
  * Add dependency on JDK for solr-jetty (LP: #1046732):
    - d/control: Add extra Depends on default-jdk | java5-jdk as jetty
      requires a full JDK to support use of JSP's which solr uses.

 -- James Page <james.page@ubuntu.com>  Wed, 21 Nov 2012 09:31:05 +0000

lucene-solr (3.6.0+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #594027)

 -- James Page <james.page@ubuntu.com>  Tue, 29 May 2012 17:32:24 +0100
