zookeeper (3.4.5+dfsg-2+deb7u2) wheezy-security; urgency=high

  * CVE-2019-0201: Prevent an information disclosure vulnerability where users
    who were not authorised to read data were able to view the access control
    list. (Closes: #929283)

 -- Chris Lamb <lamby@debian.org>  Fri, 24 May 2019 09:22:19 +0100

zookeeper (3.4.5+dfsg-2+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2017-5637 by backporting version 3.4.5 from Jessie. The 3.3 branch
    is no longer supported upstream.
    It was discovered that Zookeeper, a service for maintaining
    configuration information, didn't restrict access to the computationally
    expensive wchp/wchc commands which could result in denial of service by
    elevated CPU consumption.
    This update disables those two commands by default. The new
    configuration option "4lw.commands.whitelist" can be used to whitelist
    commands selectively (and the full set of commands can be restored
    with '*')

 -- Markus Koschany <apo@debian.org>  Thu, 15 Jun 2017 20:42:37 +0200

zookeeper (3.4.5+dfsg-2+deb8u2) jessie-security; urgency=medium

  * CVE-2017-5637

 -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 31 May 2017 11:28:54 +0200

zookeeper (3.4.5+dfsg-2+deb8u1) jessie; urgency=high

  * Team upload.
  * Fix CVE-2016-5017:
    Lyon Yang discovered that the C client shells cli_st and cli_mt of Apache
    Zookeeper, a high-performance coordination service for distributed
    applications, were affected by a buffer overflow vulnerability associated
    with parsing of the input command when using the "cmd:" batch mode syntax.
    If the command string exceeds 1024 characters a buffer overflow will occur.

 -- Markus Koschany <apo@debian.org>  Sat, 01 Oct 2016 20:02:51 +0200

zookeeper (3.4.5+dfsg-2) unstable; urgency=high

  [ tony mancill ]
  * Team upload.
  * Add slf4j jars to CLASSPATH in zooinspector. (Closes: #712778)

  [ Tim Retout ]
  * debian/watch: Add pgp signature mangling, and use main mirror.
  * debian/upstream/signing-key.asc: Add upstream signing keys.
  * debian/*.preinst: Transition /usr/share/doc symlinks to real
    directories. (Closes: #720148)
  * Urgency set to high for RC bugfix.

 -- Tim Retout <diocles@debian.org>  Sun, 16 Mar 2014 20:07:23 +0000

zookeeper (3.4.5+dfsg-1) unstable; urgency=low

  * Upload to unstable.
  * d/p/fixes/ZOOKEEPER-740: Cherry picked fix from upstream bugtracker to
    resolve issue with slow running add_auth calls with multi-threaded
    client.
  * d/rules: Disable mt client tests due to test library incompatibility
    with libc 2.17.
  * d/rules: Drop override_dh_installdocs, no longer required.
  * d/control: Tweak depends for libzookeeper-java{-doc} to be Java policy
    compliant.

 -- James Page <james.page@ubuntu.com>  Mon, 06 May 2013 18:27:16 -0700

zookeeper (3.4.5+dfsg-1~exp2) experimental; urgency=low

  * d/conf_example/environment: Add missing jars to zookeeper CLASSPATH
    for 3.4.5 release.
  * d/control: Update VCS fields to be canonical.

 -- James Page <james.page@ubuntu.com>  Thu, 28 Feb 2013 09:26:11 +0000

zookeeper (3.4.5+dfsg-1~exp1) experimental; urgency=low

  * New upstream release (Closes: #699120, LP: #1107400, #954160):
    - d/p/ZOOKEEPER-{1374,1033}: Dropped, included upstream.
    - Refreshed remaining patches.
    - Drop bookkeeper support, now a separate project.
    - d/control: Added new BD's on netty, slf4j and mockito.
    - d/zookeeper.{install,cron.daily}: Drop scheduled transaction
      log purging as now handled internally.
  * d/control: Bumped Standards-Version, no changes.
  * d/control: Dropped obsolete DM-Upload-Allowed.
  * Sync Ubuntu changes:
    - d/rules: Only execute native test suite on i386 and amd64
      architectures; its a bit racey and does not execute reliably
      on others.
  * d/rules,zookeeperd.upstart: Rejig now that debhelper in Debian and
    Ubuntu does the right things with init and upstart configs.
  * d/rules: Disable native tests on Ubuntu due to incompatibility in
    test framework with glibc 2.17.

 -- James Page <james.page@ubuntu.com>  Thu, 07 Feb 2013 10:48:31 +0000

zookeeper (3.3.6+dfsg-1) experimental; urgency=low

  * Re-sync with Ubuntu.
  * New upstream release:
    - Dropped patches for ZOOKEEPER-1403 and ZOOKEEPER-1431; included upstream.
    - Refreshed all other patches.
  * d/{watch,orig-tar.sh,README.source}: Repack upstream tarball using uscan
    to ease new upstream releases.
  * d/control: Version debhelper (>= 9~).
  * d/rules: Refactor contrib builds to use properties file.
  * d/ant.properties: Collate properties for contrib builds ensuring that
    bytecode built is backwards compatible.

 -- James Page <james.page@ubuntu.com>  Wed, 19 Sep 2012 10:08:46 +0100

zookeeper (3.3.5+dfsg1-2) unstable; urgency=low

  * d/patches/fixes/ZOOKEEPER-1431: Fix up memory leak in zookeeper
    python binding which results in significant memory growth for large
    result sets (Closes: #665962). Thanks to Johan Rydberg for identifying 
    this bug and Kapil Thangavelu for the patch.

 -- James Page <james.page@ubuntu.com>  Mon, 28 May 2012 11:51:03 +0100

zookeeper (3.3.5+dfsg1-1.1) unstable; urgency=low

  * Non maintainer upload.
  * Fix build failure with GCC 4.7.

 -- Matthias Klose <doko@debian.org>  Thu, 10 May 2012 18:00:25 +0200

zookeeper (3.3.5+dfsg1-1) unstable; urgency=low

  * New upstream bugfix release.
    - d/fix-broken-c-client-unittest.patch: Dropped - accepted upstream.
    - Refreshed all other patches.
  * Bumped Standards-Version: 3.9.3.
  * Fix issue with quoting of parameters in zkCli.sh (Closes: #661837):
    - d/patches/fixes/ZOOKEEPER-1403: Ensure parameters are correctly
      quoted - thanks to John Eikenberry for this fix.

 -- James Page <james.page@ubuntu.com>  Wed, 21 Mar 2012 21:20:30 +0000

zookeeper (3.3.4+dfsg1-3) unstable; urgency=low

  * Sync changes from Ubuntu:
    - Switch zookeeperd upstart configuration to use start-stop-daemon.
      Thanks to Clint Byrum for this fix.
    - Enable C and Java test suites:
      - d/patches/fixes/ZOOKEEPER-1374: Use __sync_* primitives
        instead of ASM code when available to improve portability across 
        supported platforms.
      - d/patches/fix-broken-c-client-test.patch: Fixes the unit test so
        it will pass with EINVAL which is the correct error. Thanks to
        Clint Byrum for this fix.
      - d/rules: Enable C client test suite for all architectures.
      - d/rules: Only run core Java test suite when building 
        Architecture: all packages.

 -- James Page <james.page@ubuntu.com>  Mon, 30 Jan 2012 13:21:21 +0000

zookeeper (3.3.4+dfsg1-2) unstable; urgency=low

  * Added new libzookeeper-st{2,-dev} packages (Closes: #650938) and 
    renamed libzookeeper{2,-dev} -> libzookeeper-mt{2,-dev}.
  * Added transitional package libzookeeper2 -> libzookeeper-mt2.
  * Convert libzookeeper-{st,mt}2 for MultiArch support.
  * Disable detection of cygwin as not relevant for Debian based
    installs and complicates configuration (Closes: #650882). Thanks
    to Akira Kitada for this patch.
  * Really close RFH (Closes: #579791).

 -- James Page <james.page@ubuntu.com>  Mon, 12 Dec 2011 13:31:47 +0000

zookeeper (3.3.4+dfsg1-1) unstable; urgency=low

  [ James Page ]
  * New upstream release:
    - d/patches/fixes/ZOOKEEPER-1117: Dropped - fix included upstream.
    - Refreshed patches.
  * Added support for upstart under Ubuntu (LP: #862762):
    - d/rules,d/zookeeperd.upstart.in: Detect Ubuntu and swap in provided 
      upstart configuration if required.
    - d/ubuntu|debian_control_vars,d/control,d/rules: Provide different Depends 
      for zookeeperd package when building under Ubuntu/Debian.
  * Enabled C and Java test suites:
    - d/control,d/compat: Bumped debhelper compat level to 8 to allow 
      arch/indep overrides.
    - d/rules: Enable test suites for -arch and -indep builds.
    - d/patches/debian/patch-build-system: Patch unit testing to exclude 
      InvalidSnapshot and Upgrade tests (non-free data) and to pickup 
      junit4 from system library.
    - d/rules: Disable test suite execution for the time being as does 
      not run reliably.
  * Close RFH for this package (LP: #579791).

  [ Damien Raude-Morvan ]
  * Add DMUA flag for James Page.
  * Build-Depends on procps for test suite.

 -- James Page <james.page@ubuntu.com>  Thu, 01 Dec 2011 15:03:53 +0000

zookeeper (3.3.3+dfsg2-2) unstable; urgency=low

  * Updated patch for ZOOKEEPER-1117 with fixes accepted into
    zookeeper 3.4.0 upstream; should also resolve FTBFS on ia64.
  * Close RFH from original maintainer (Closes: #602694).
  * debian/zookeeper.cron.daily: handle return code of 1 so daily cron job
    does not produce error emails when the package is removed but not
    purged (Closes: #582757). Thanks to Clint Byrum for this fix.

 -- James Page <james.page@ubuntu.com>  Wed, 31 Aug 2011 08:51:04 +0100

zookeeper (3.3.3+dfsg2-1) unstable; urgency=low

  * Re-enable python 2.7 modules (Closes: #633690):
    - debian/control: X-Python-Version: >= 2.6
  * debian/copyright: added EPL-1.0 for src/contrib/zooinspector/icons/*.
  * debian/patches/fixes/ZOOKEEPER-1033: Cherry picked patch from 3.4.0 
    so that headers for c bindings are installed to /usr/include/zookeeper.
  * Purged additional non-DFSG files from upstream source:
    - src/java/test/data/* : invalid snapshot and upgrade testing data.

 -- James Page <james.page@ubuntu.com>  Wed, 13 Jul 2011 10:01:47 +0100

zookeeper (3.3.3+dfsg1-1) unstable; urgency=low

  * New upstream release.
  * Resolve FTBFS on mips and hppa - platforms should not be supported 
    as zookeeper needs default-jdk >= 1:1.6 (Closes: #626020,#594970).
  * Added myself to Uploaders.
  * Removed Thomas Koch from Uploaders - thanks for all of your work.
  * Bumped Standards-Version: 3.9.2; no changes.
  * Transition to dh_python2.
  * Fixed FTBFS due to -Werror actually working and causing build 
    failures in gcc >= 4.6.1 (Closes: #625441).
  * debian/bin/zkPurgeTxnLog.sh: Switch DATADIR and DATALOGDIR to match
    parameter ordering in Zookeeper code (Closes: #601383) - thanks to 
    Paul Paradise for identifying this issue and the fix.
  * debian/copyright: upgrade to DEP-5 format.

 -- James Page <james.page@ubuntu.com>  Tue, 12 Jul 2011 16:56:06 +0100

zookeeper (3.3.1+dfsg1-2) unstable; urgency=low

  * FIX: cronjob, init.d fail after package removal. Closes: #582757

 -- Thomas Koch <thomas.koch@ymc.ch>  Tue, 01 Jun 2010 13:25:34 +0200

zookeeper (3.3.1+dfsg1-1) unstable; urgency=low

  * new upstream version
  * started over testing a new git layout for packaging

 -- Thomas Koch <thomas.koch@ymc.ch>  Tue, 18 May 2010 09:36:16 +0200

zookeeper (3.3.0+dfsg1-1) unstable; urgency=low

  * new upstream version
  * packaged zooinspector contrib
  * packages zktreeutil contrib
  * Made debian/rules a bit more sane

 -- Thomas Koch <thomas.koch@ymc.ch>  Tue, 27 Apr 2010 13:52:30 +0200

zookeeper (3.2.2+dfsg3-3) unstable; urgency=low

  * remove /var/run/zookeeper when purging the package
  * zookeeperd.init creates /var/run/zookeeper now (Closes: #569972)
  * cronjob to purge old zookeeper data
  * more elaborate config example
  * superfluous /var/run/zookeeper entry in zookeeper.dirs
  * fix lintian tag debian-rules-ignores-make-clean-error
  * don't install executables to /usr/bin without manpages and proper
    names
  * Use Built-in functions for atomic memory access instead of 
    hard-coded assembler. Thx Matthias Klose. Closes: #568618.
  * move executables to /usr/lib/... instead of /usr/share/...

 -- Thomas Koch <thomas.koch@ymc.ch>  Wed, 24 Feb 2010 15:02:09 +0100

zookeeper (3.2.2+dfsg3-2) unstable; urgency=low

  * Build C and Python bindings. Thanks to Matthias Klose.
  * Corrected dependencies versions in debian/control.

 -- Thomas Koch <thomas.koch@ymc.ch>  Thu, 28 Jan 2010 12:07:38 +0100

zookeeper (3.2.2+dfsg3-1) unstable; urgency=low

  * New repackaging after FTP rejection due to overseen license issues.
  * New repackaging of upstream tarball to exclude generated code. 
  * Initial release. (Closes: #561947)

 -- Thomas Koch <thomas.koch@ymc.ch>  Fri, 27 Jan 2010 16:41:22 +0100
