Author: Markus Koschany
Revision Date: 2015-05-21 17:53:24 UTC

* Team upload.
* Imported Upstream SVN snapshot version 1.2.40+svn150520.
  - Fix CVE-2014-8111: (Closes: #783233)
    Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of
    previous JkMount rules, which allows remote attackers to access otherwise
    restricted artifacts via unspecified vectors.
* debian/control: Build-Depend on debhelper >= 9.
* Remove source.lintian-overrides since we now build-depend on debhelper >=9.
* Drop 0004-corrupted-worker-activation-status.patch. Fixed upstream.
* debian/rules:
  - Disable sed command in debian/rules. Apparently not necessary for this
    release.
  - Run buildconf.sh before dh_auto_configure step since this is a requirement
    for building SVN snapshots.
  - Update dh_auto_clean override. Ensure that the package can be built twice
    in a row.
* debian/control:
  - Add autoconf to Build-Depends.
  - Add automake to Build-Depends.
  - Remove Conflicts and Replaces fields because they are obsolete.
* Add disable-libtool-check.patch and fix a FTBFS. We already build-depend on
  libtool but the script is not smart enough.
* Add fix-privacy-breach.patch and fix lintian errors about "privacy breach
  logo".
* Update debian/copyright information. Add missing BSD-3-clause license.
* Add README.source.

Author: Markus Koschany
Revision Date: 2015-05-23 23:33:30 UTC

* Team upload.
* Add CVE-2014-8111.patch. (Closes: #783233)
  It was discovered that a JkUnmount rule for a subtree of a previous JkMount
  rule could be ignored. This could allow a remote attacker to potentially
  access a private artifact in a tree that would otherwise not be accessible
  to them.
  - Add option to control handling of multiple adjacent slashes in mount and
    unmount. New default is collapsing the slashes only in unmount. Before
    this change, adjacent slashes were never collapsed, so most mounts and
    unmounts didn't match for URLs with multiple adjacent slashes.
  - Configuration is done via new JkOption for Apache (values
    "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount").

Author: Markus Koschany
Revision Date: 2015-05-23 01:16:37 UTC

* Team upload.
* Add CVE-2014-8111.patch. (Closes: #783233)
  It was discovered that a JkUnmount rule for a subtree of a previous JkMount
  rule could be ignored. This could allow a remote attacker to potentially
  access a private artifact in a tree that would otherwise not be accessible
  to them.
  - Add option to control handling of multiple adjacent slashes in mount and
    unmount. New default is collapsing the slashes only in unmount. Before
    this change, adjacent slashes were never collapsed, so most mounts and
    unmounts didn't match for URLs with multiple adjacent slashes.
  - Configuration is done via new JkOption for Apache
    (values "CollapseSlashesAll", "CollapseSlashesNone" or
    "CollapseSlashesUnmount").

Author: Markus Koschany
Revision Date: 2015-05-21 17:53:24 UTC

* Team upload.
* Imported Upstream SVN snapshot version 1.2.40+svn150520.
  - Fix CVE-2014-8111: (Closes: #783233)
    Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of
    previous JkMount rules, which allows remote attackers to access otherwise
    restricted artifacts via unspecified vectors.
* debian/control: Build-Depend on debhelper >= 9.
* Remove source.lintian-overrides since we now build-depend on debhelper >=9.
* Drop 0004-corrupted-worker-activation-status.patch. Fixed upstream.
* debian/rules:
  - Disable sed command in debian/rules. Apparently not necessary for this
    release.
  - Run buildconf.sh before dh_auto_configure step since this is a requirement
    for building SVN snapshots.
  - Update dh_auto_clean override. Ensure that the package can be built twice
    in a row.
* debian/control:
  - Add autoconf to Build-Depends.
  - Add automake to Build-Depends.
  - Remove Conflicts and Replaces fields because they are obsolete.
* Add disable-libtool-check.patch and fix a FTBFS. We already build-depend on
  libtool but the script is not smart enough.
* Add fix-privacy-breach.patch and fix lintian errors about "privacy breach
  logo".
* Update debian/copyright information. Add missing BSD-3-clause license.
* Add README.source.

Author: Damien Raude-Morvan
Revision Date: 2012-04-04 22:32:12 UTC

* New upstream release:
  - d/patches/0004-compiler-hardening.patch: Merged upstream.
* d/rules: Just use dh_auto. No need to force using sub-directory as
  debhelper is doing it for us.
* Prepare Apache 2.4 transition (Closes: #666851):
  - d/control: Add Build-Depends apache2-dev and dh-apache2.
  - d/rules: Call apache2 dh addon.
  - d/libapache2-mod-jk.{postinst,postrm}: Replace with
    d/libapache2-mod-jk.apache2.
  - d/control: Remove explicit Depends on apache2.2-common.
* d/control: Bump Standards-Version to 3.9.3, no changes needed.
* d/copyright: Upgrade to copyright-format 1.0.

Author: Miguel Landaeta
Revision Date: 2011-02-09 23:07:41 UTC

* Team upload.
* Fix issue with socket(2) syscall and SOCK_CLOEXEC flag affecting
  upgrades from 1.2.26 to 1.2.30. (Closes: #609886).

Author: Stefan Fritsch
Revision Date: 2009-05-31 20:33:52 UTC

* Non-maintainer upload by the security-team.
* CVE-2008-5519: Fix information disclosure vulnerability when clients
  abort connection before sending POST body (closes: #523054).