2020-11-02 15:43:49 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Oct 27 10:39:27 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
|
|
|
|
- Security fix [bsc#945190, CVE-2015-5262]
|
|
|
|
* http/conn/ssl/SSLConnectionSocketFactory.java ignores the
|
|
|
|
http.socket.timeout configuration setting during an SSL handshake,
|
|
|
|
which allows remote attackers to cause a denial of service (HTTPS
|
|
|
|
call hang) via unspecified vectors.
|
|
|
|
- Add apache-commons-httpclient-CVE-2015-5262.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Oct 27 10:38:45 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
|
|
|
|
- Security fix [bsc#1178171, CVE-2014-3577]
|
|
|
|
* org.apache.http.conn.ssl.AbstractVerifier does not properly
|
|
|
|
verify that the server hostname matches a domain name in the
|
|
|
|
subject's Common Name (CN) or subjectAltName field of the X.509
|
|
|
|
certificate, which allows MITM attackers to spoof SSL servers
|
|
|
|
via a "CN=" string in a field in the distinguished name (DN)
|
|
|
|
of a certificate.
|
|
|
|
- Add apache-commons-httpclient-CVE-2014-3577.patch
|
|
|
|
|
2019-04-02 07:03:48 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Apr 1 23:15:55 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
- Trim conjecture from description.
|
|
|
|
|
2019-01-21 16:29:55 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Jan 21 15:28:32 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
|
|
|
|
- Add maven pom file and clean-up the spec file
|
|
|
|
|
2018-05-15 12:35:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue May 15 10:34:34 UTC 2018 - fstrba@suse.com
|
|
|
|
|
|
|
|
- Build with source and target 8 to prepare for a possible removal
|
2018-05-17 21:51:28 +02:00
|
|
|
of 1.6 compatibility
|
2018-05-15 12:35:21 +02:00
|
|
|
- Run fdupes on documentation
|
|
|
|
|
2017-09-07 13:50:51 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Sep 7 11:49:25 UTC 2017 - fstrba@suse.com
|
|
|
|
|
|
|
|
- Build with java source and target versions 1.6
|
|
|
|
* fixes build with jdk9
|
|
|
|
|
2014-07-08 10:24:36 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jul 8 08:23:35 UTC 2014 - tchvatal@suse.com
|
|
|
|
|
|
|
|
- Redo the bytcode disabling properly.
|
|
|
|
- Cleanup with spec-cleaner
|
|
|
|
|
2014-04-14 19:28:02 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Apr 14 17:24:13 UTC 2014 - darin@darins.net
|
|
|
|
|
|
|
|
- disable bytecode test on SLES
|
|
|
|
|
2013-10-25 10:31:37 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Oct 25 08:30:33 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
- really apply CVE-2012-5783 patch
|
|
|
|
- build with java 6 and higher
|
|
|
|
|
2013-03-28 12:03:10 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Mar 28 10:54:13 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
- enhance fix of bnc#803332 / CVE-2012-5783
|
|
|
|
* add a check for subjectAltNames for instance
|
|
|
|
|
2013-02-14 10:26:33 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Feb 14 09:10:48 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
2013-02-15 14:53:02 +01:00
|
|
|
- fix bnc#803332: no ssl certificate hostname checking (CVE-2012-5783)
|
2013-02-14 10:26:33 +01:00
|
|
|
* commons-httpclient-CVE-2012-5783.patch
|
|
|
|
- add jakarta- compat symlinks
|
|
|
|
|
2013-02-05 13:54:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Feb 3 20:07:59 UTC 2013 - p.drouand@gmail.com
|
|
|
|
|
|
|
|
- Initial release
|
|
|
|
|