activemq (5.6.0+dfsg-1+deb7u3build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

 -- Tyler Hicks <tyhicks@canonical.com>  Mon, 22 May 2017 14:55:36 +0000

activemq (5.6.0+dfsg-1+deb7u3) wheezy-security; urgency=high

  * Team upload.
  * Fix CVE-2015-7559.
    DoS in activemq-core via shutdown command.

 -- Markus Koschany <apo@debian.org>  Mon, 24 Apr 2017 12:50:21 +0200

activemq (5.6.0+dfsg-1+deb7u2) wheezy-security; urgency=high

  * Team upload.
  * Fix CVE-2015-5254:
    Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be
    serialized in the broker, which allows remote attackers to execute
    arbitrary code via a crafted serialized Java Message Service (JMS)
    ObjectMessage object.

 -- Markus Koschany <apo@debian.org>  Fri, 18 Mar 2016 22:47:35 +0100

activemq (5.6.0+dfsg-1+deb7u1) wheezy-security; urgency=high

  * Team upload.
  * Fixed security issues (Closes: #777196, #792857)
    - CVE-2014-3612: JAAS LDAPLoginModule allows empty password authentication
    - CVE-2014-3600: XML External Entity expansion when evaluating XPath
      expressions
    - CVE-2014-3576: DoS via unauthenticated remote shutdown command
    - Disable JMX by default (Closes: #769887)

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 07 Aug 2015 22:16:39 +0200

activemq (5.6.0+dfsg-1) unstable; urgency=low

  * New upstream release:
    - Refresh all patches.
    - Drop d/patches/CVE-2011-4605.diff: merged upstream.
    - d/patches/exclude_mqtt.diff: Disable MQTT transport.
    - d/patches/exclude_leveldb.diff: Disable LevelDB Store.
  * d/maven.rules: Upgrade internal components version.
  * Build-Depends on libxstream-java (>= 1.4).

 -- Damien Raude-Morvan <drazzib@debian.org>  Fri, 25 May 2012 00:47:55 +0200

activemq (5.5.0+dfsg-7) unstable; urgency=low

  [ Ulrich Dangel ]
  * Install the activemq-{core,console,run} and kahadb jar files to
    /usr/share/java.  (Closes: #668943)
    - Add the necessary --java-lib flag to d/libactivemq-java.poms

  [ Damien Raude-Morvan ]
  * Thanks to Ulrich Dangel for RC bugfix, upload to unstable.

 -- Damien Raude-Morvan <drazzib@debian.org>  Tue, 01 May 2012 14:38:27 +0200

activemq (5.5.0+dfsg-6) unstable; urgency=low

  * d/patches/activemq-admin.patch: Fix activemq-admin "unexpected operator"
    (Closes: #662698). Thanks to Mathieu Mitchell.
  * Bump Standards-Version to 3.9.3: no changes needed.

 -- Damien Raude-Morvan <drazzib@debian.org>  Sun, 01 Apr 2012 20:26:10 +0200

activemq (5.5.0+dfsg-5) unstable; urgency=high

  * Fix CVE-2011-4905 (potential Denial of Service) by backporting upstream
    patch on failover feature. (Closes: #655495).
  * Set urgency=high for security fix.

 -- Damien Raude-Morvan <drazzib@debian.org>  Sun, 15 Jan 2012 19:38:21 +0100

activemq (5.5.0+dfsg-4) unstable; urgency=low

  * d/activemq.init: Merge change proposed by Jonas Genannt to allow
    console startup, useful for debugging purposes. (Closes: #645241).

 -- Damien Raude-Morvan <drazzib@debian.org>  Wed, 26 Oct 2011 21:13:20 +0200

activemq (5.5.0+dfsg-3) unstable; urgency=low

  * d/control: Wrap-and-sort Build-Depends.
  * d/activemq.links: Since libasm3-java package now provide splited JAR
    also link all ASM3 jars (Closes: #644834).
  * d/maven.rules:
    - Don't replace osgi artifacts since they are now provided by
    official osgi-core package.
    - Force 2.1.1 version of maven-war-plugin.

 -- Damien Raude-Morvan <drazzib@debian.org>  Tue, 11 Oct 2011 23:11:16 +0200

activemq (5.5.0+dfsg-2) unstable; urgency=low

  * Drop d/patches/exclude_xsd_install.diff and install XSD files into JAR.
  * Build-Depends on libxbean-java 3.7 for maven-xbean-plugin.
  * Add new "activemq" package to start ActiveMQ server:
    - d/activemq.{postinst,prerm}: Create a activemq system user
    - d/activemq.{install,links}: Install activemq and activemq-admin commands
      to /usr/bin/, set /usr/share/activemq/ as ACTIVEMQ_HOME and install
      many examples into /usr/share/doc/activemq/examples/.
    - d/activemq.README.Debian: Describe how to setup an alternative
      instance (Closes: #634868).
    - Provide a way to handle multi-instances of activemq. Each directory
      inside /etc/activemq/instances-enabled/ will be started as an
      instance with its own configuration. Thanks to Jonas Genannt for patch.
  * d/patches/javadoc_links.diff: Update links to system-wide Javadoc.
  * d/libactivemq-java.README.Debian: Describe disabled features regarding
    upstream package.
  * d/control: Don't use package name in synospis.

 -- Damien Raude-Morvan <drazzib@debian.org>  Sun, 04 Sep 2011 18:50:59 +0200

activemq (5.5.0+dfsg-1) unstable; urgency=low

  * Initial release (Closes: #627778).

 -- Damien Raude-Morvan <drazzib@debian.org>  Tue, 21 Jun 2011 00:32:12 +0200
