------------------------------------------------------------------- Tue Apr 30 11:15:27 UTC 2024 - Fridrich Strba - Clean the spec: remove old macros and change to working urls ------------------------------------------------------------------- Tue Feb 20 10:19:53 UTC 2024 - Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Tue Oct 27 10:39:27 UTC 2020 - Pedro Monreal - Security fix [bsc#945190, CVE-2015-5262] * http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. - Add apache-commons-httpclient-CVE-2015-5262.patch ------------------------------------------------------------------- Tue Oct 27 10:38:45 UTC 2020 - Pedro Monreal - Security fix [bsc#1178171, CVE-2014-3577] * org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate. - Add apache-commons-httpclient-CVE-2014-3577.patch ------------------------------------------------------------------- Mon Apr 1 23:15:55 UTC 2019 - Jan Engelhardt - Trim conjecture from description. ------------------------------------------------------------------- Mon Jan 21 15:28:32 UTC 2019 - Fridrich Strba - Add maven pom file and clean-up the spec file ------------------------------------------------------------------- Tue May 15 10:34:34 UTC 2018 - fstrba@suse.com - Build with source and target 8 to prepare for a possible removal of 1.6 compatibility - Run fdupes on documentation ------------------------------------------------------------------- Thu Sep 7 11:49:25 UTC 2017 - fstrba@suse.com - Build with java source and target versions 1.6 * fixes build with jdk9 ------------------------------------------------------------------- Tue Jul 8 08:23:35 UTC 2014 - tchvatal@suse.com - Redo the bytcode disabling properly. - Cleanup with spec-cleaner ------------------------------------------------------------------- Mon Apr 14 17:24:13 UTC 2014 - darin@darins.net - disable bytecode test on SLES ------------------------------------------------------------------- Fri Oct 25 08:30:33 UTC 2013 - mvyskocil@suse.com - really apply CVE-2012-5783 patch - build with java 6 and higher ------------------------------------------------------------------- Thu Mar 28 10:54:13 UTC 2013 - mvyskocil@suse.com - enhance fix of bnc#803332 / CVE-2012-5783 * add a check for subjectAltNames for instance ------------------------------------------------------------------- Thu Feb 14 09:10:48 UTC 2013 - mvyskocil@suse.com - fix bnc#803332: no ssl certificate hostname checking (CVE-2012-5783) * commons-httpclient-CVE-2012-5783.patch - add jakarta- compat symlinks ------------------------------------------------------------------- Sun Feb 3 20:07:59 UTC 2013 - p.drouand@gmail.com - Initial release