Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
This is a pre-upload request to unblock jetty9/9.2.22-1. This update fixes
a timing attack in a class checking passwords (no CVE ID has been assigned yet)
and removes a broken symlink (#857217).
Note that Jetty 9.2.x is in maintenance mode and receives only critical fixes
from upstream, that's why I'm suggesting to upload a new version (it mostly
consists in the security fix anyway).
Thank you,
Emmanuel Bourg
diff --git a/VERSION.txt b/VERSION.txt
index 5257d881..5ae8c45c 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1,3 +1,10 @@
+jetty-9.2.22.v20170531 - 31 May 2017
+ + 920 no main manifest attribute, in jetty-runner-.jar
+ + 1108 Please improve logging in SslContextFactory when there are no approved
+ cipher suites
+ + 1523 Update ALPN support for Java 8u131
+ + 1556 A timing channel in Password.java
+
jetty-9.2.21.v20170120 - 20 January 2017
+ 592 Support no-value Host header in HttpParser
+ 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration
diff --git a/aggregates/jetty-all/pom.xml b/aggregates/jetty-all/pom.xml
index 2e21ad21..41b2f86c 100644
--- a/aggregates/jetty-all/pom.xml
+++ b/aggregates/jetty-all/pom.xml
@@ -2,7 +2,7 @@
org.eclipse.jetty
jetty-project
-9.2.21.v20170120
+9.2.22.v20170531
../../pom.xml
4.0.0
diff --git a/apache-jsp/pom.xml b/apache-jsp/pom.xml
index 41c59d9c..b4114897 100644
--- a/apache-jsp/pom.xml
+++ b/apache-jsp/pom.xml
@@ -2,7 +2,7 @@
org.eclipse.jetty
jetty-project
-9.2.21.v20170120
+9.2.22.v20170531
4.0.0
apache-jsp
diff --git a/apache-jstl/pom.xml b/apache-jstl/pom.xml
index 0a4f3463..cc7566a9 100644
--- a/apache-jstl/pom.xml
+++ b/apache-jstl/pom.xml
@@ -2,7 +2,7 @@
org.eclipse.jetty
jetty-project
-9.2.21.v20170120
+9.2.22.v20170531
4.0.0
apache-jstl
diff --git a/debian/changelog b/debian/changelog
index 4470c642..46ffe734 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+jetty9 (9.2.22-1) unstable; urgency=medium
+
+ * Team upload.
+ * New upstream release
+ * No longer create a link to jetty-overlay-deployer (Closes: #857217)
+
+ -- Emmanuel Bourg Sun, 11 Jun 2017 23:23:14 +0200
+
jetty9 (9.2.21-1) unstable; urgency=medium
* Team upload.
diff --git a/debian/jetty9.install b/debian/jetty9.install
index ae122cb4..58aa01b3 100644
--- a/debian/jetty9.install
+++ b/debian/jetty9.install
@@ -6,7 +6,6 @@ jetty-distribution/src/main/resources/etc/* etc/jetty9
jetty-jaas/src/main/config/etc/* etc/jetty9
jetty-jmx/src/main/config/etc/* etc/jetty9
jetty-monitor/src/main/config/etc/* etc/jetty9
-jetty-overlay-deployer/src/main/config/etc/* etc/jetty9
jetty-plus/src/main/config/etc/* etc/jetty9
jetty-proxy/src/main/config/etc/*etc/jetty9
jetty-quickstart/src/main/config/etc/* etc/jetty9
@@ -39,7 +38,6 @@ jetty-jaspi/src/main/config/modules/*.mod
usr/share/je
jetty-jmx/src/main/config/modules/*.mod
usr/share/jetty9/modules
jetty-jndi/src/main/config/modules/*.mod
usr/share/jetty9/modules
jetty-monitor/src/main/config/modules/*.mod
usr/share/jetty9/modules
-jetty-overlay-deployer/src/main/config/modules/*.mod
usr/share/jetty9/modules
jetty-plus/src/main/config/modules/*.mod
usr/share/jetty9/modules
jetty-proxy/src/main/config/modules/*.mod
usr/share/jetty9/modules
jetty-quickstart/src/main/config/modules/*.mod
usr/share/jetty9/modules
diff --git a/debian/jetty9.links b/debian/jetty9.links
index 0608047b..95e92111 100755
--- a/debian/jetty9.links
+++ b/debian/jetty9.links
@@ -25,7 +25,6 @@ usr/share/java/jetty9-jaspi.jar
usr/share/jetty9/lib/jetty-jaspi
usr/share/java/jetty9-jmx.jar
usr/share/jetty9/lib/jetty-jmx-${VERSION}.jar
usr/share/java/jetty9-jndi.jar
usr/share/jetty9/lib/jetty-jndi-${VERSION}.jar
usr/share/java/jetty9-monitor.jar
usr/share/jetty9/lib/monitor/jetty-monitor-${VERSION}.jar
-usr/share/java/jetty9-overlay-deployer.jar
usr/share/jetty9/lib/jetty-overlay-deployer-${VERSION}.jar
usr/share/java/jetty9-plus.jar
usr/share/jetty9/lib/jetty-plus-${VERSION}.jar
usr/share/java/jetty9-proxy.jar
usr/share/jetty9/lib/jetty-proxy-${VERSION}.jar
usr/share/java/jetty9-quickstart.jar
usr/share/jetty9/lib/jetty-quickstart-${VERSION}.jar
diff --git a/debian/libjetty9-java.poms b/debian/libjetty9-java.poms
index 488baacf..8bff1950 100644
--- a/debian/libjetty9-java.poms
+++ b/debian/libjetty9-java.poms
@@ -38,7 +38,6 @@ jetty-http/pom.xml
--java-lib --usj-name=jetty9
jetty-io/po