changed note field in tc_accomplishment to notes

[eq/.git] / doc / changelog.Debian

phpgroupware (0.9.16.005-3.sarge0) stable-security; urgency=high

  * Security fix for xmlrpc bug that could allow execution
    of arbitrary PHP code.
    This is analogous to CAN-2005-1921 in the CVE.

 -- Thomas Viehmann <tv@beamnet.de>  Thu,  7 Jul 2005 22:49:48 +0200

phpgroupware (0.9.16.005-3) unstable; urgency=high

  * (almost) translation only update, thus urgency=high.
    - Updated ja.po by Hideki Yamane. Thanks and sorry for the delay in
      uploading it. Closes: #298182.
    - Updated de.po and fr.po myself.
  * Fix version information on login screen.

 -- Thomas Viehmann <tv@beamnet.de>  Wed, 16 Mar 2005 18:29:25 +0100

phpgroupware (0.9.16.005-2) unstable; urgency=low

  * Fix capitalization bug with phpgroupware/webserver debconf both
    Closes: #280735
  * Add apache2 support. Closes: #170830.
    My apologies to the translators for having to change the templates.
    (I took the wording from phpMyAdmin, maybe you or I can cut and
     paste from there.)
  * Add CANs for security bug fixes in 0.9.16.005-1.
    Thanks to Joey Hess for the research.
  * Add lintian override for CVS in orig.tar.gz.

 -- Thomas Viehmann <tv@beamnet.de>  Fri,  4 Mar 2005 17:58:58 +0100

phpgroupware (0.9.16.005-1) unstable; urgency=high

  * New upstream release
    - Fixes security-related bugs (thus the urgency=high)
      forum, polls, preferences, projects, tts, wiki: HTML and SQL
      insertion
      CVE-Database IDs: CAN-2004-1383, CAN-2004-1384, CAN-2004-1385
      (Closes: #290773)
    - Lifts unnecessary LDAP version restrictions (Closes: #285024)
  * Fix wrong message in phpgroupware.config (Closes: #271668)
  * Update German debconf translations (Closes: #281135)
    Thanks you, Erik Schanze.
  * Fix typo in configure script (Closes: #271925)
  * Quote the php_value session.save_path parameter in
    /etc/phpgroupware/apache.conf (Closes: #266348).
  * Work around zsh build problems in debian/rules.
  My apologies for not fixing the config bugs yet, but the security update
  is kind of urgent.

 -- Thomas Viehmann <tv@beamnet.de>  Sun, 16 Jan 2005 17:49:26 +0100

phpgroupware (0.9.16.003-1) unstable; urgency=medium

  * Upstream (partly security) update.
    - Fixes cross-site scripting bug in the wiki module.
    - Upstream fixes all over the place, particulary adressbook, calendar.
    - Some new or updated translations and documentation.

 -- Thomas Viehmann <tv@beamnet.de>  Mon,  6 Sep 2004 21:07:35 +0200

phpgroupware (0.9.16.002-1) unstable; urgency=medium

  * Upstream security update.
  * Folded some more license stuff into debian/copyright.
  * Drop build-dependency on essential package findutils.

 -- Thomas Viehmann <tv@beamnet.de>  Sun,  1 Aug 2004 20:27:23 +0200

phpgroupware (0.9.16.001-1) unstable; urgency=low

  * New upstream bugfix release.
    - Upstream included patch by bug submitter Martin Peylo to fix
      phpgroupware-headlines sql syntax error. Thanks.
      Closes: #255798.
  * Added phpgw-projects dependency on addressbook reported
    by Rasmus Hansen. Thanks. Closes: #257270.
  * Added Japanese debconf translation, thanks go to Hideki Yamane
    (and the other developers and users that helped). Closes: #258700.

 -- Thomas Viehmann <tv@beamnet.de>  Mon, 19 Jul 2004 20:29:22 +0200

phpgroupware (0.9.16.000.1.cvs.20040620-1) unstable; urgency=low

  * Sync with upstream's fixes for stable branch in coordination with
    upstream release manager.
    Small fixes all over the place, including
    - remove "=" in example phpgw-apache.conf (Closes: #252044)
    - fix admin hooks in sitemgr (Closes: #252220)
    - fix sql escaping in wiki (default_records.php, Closes: #253201)
  * Add doc symlinks. Closes: #234414.
  * Add french debconf translation by R. Pannequin. Thanks!
    Closes: #248371.
  * Updated apache configuration.
  * Added note about configuring PostgreSQL to README.Debian.

 -- Thomas Viehmann <tv@beamnet.de>  Mon, 21 Jun 2004 20:35:29 +0200

phpgroupware (0.9.16.000-1-2) unstable; urgency=low

  * Eliminate some prompting.
  * Allow building of non-Debian packages with extra packages.
  * Remove phpgroupware-chora from Debian packages (unsatisfiable
    dependency). Closes: #242522.
  * The netsaint module is gone in 0.9.16, thus there is no wrong
    Recommends any more. Closes: #240556
    (In addition, the Recommends was updated in control.disabled, in
     case netsaint should be reintroduced.)

 -- Thomas Viehmann <tv@beamnet.de>  Fri,  9 Apr 2004 16:57:12 +0200

phpgroupware (0.9.16.000-1-1) unstable; urgency=low

  * New upstream release
    - Fixes PostgreSQL problems. Closes: #204674, #208994
    - phpGroupWare is believed to work without register_globals = On
      in php.ini. Closes: #167299
    - Removed patches included upstream. Yay!
  * Merges from 0.9.14 packaging
    - minor changes to debian/rules
    - rewrite of config maintainer script, allow backoff. Closes: #191583
  * Update header.inc.php generation for 0.9.16.
  * Finally switch to po-debconf. Closes: #93586, #235495.
  * The inv module has been dropped upstream and here.
    But I noted the dependency in debian/control.disabled should it come
    back. (Closes: #234415)
  * Expanded README.Debian.
  * Spellchecked control and debconf template.
  * Added apache conf.d support to maintainer scripts.

 -- Thomas Viehmann <tv@beamnet.de>  Sat, 10 Jan 2004 19:28:14 +0100

phpgroupware (0.9.14.007-4) unstable; urgency=low

  * Uwe Steinmann and Jamin W. Collins did some more bug research.
    Quite a few were closed by the packaging changes and upstream
    bug fixing.
    - Preservation of user changes (Closes: #170820)
    - Configuration of apache-ssl on initial install (Closes: #166574)
    - fixed postrm bug dupe (Closes: #170841)
    - ldap schema now included (Closes: #197702)
    - README.Debian was written. (Closes: #170818)
    - Version display on login page even shows debian revision
      (Closes: #166579)
    - wwwconfig-common not called if removed during purge
      (Closes: #211161, #211639)
    - wwwconfig-common bug in mysql execution fixed (Closes: #207777)
    - '&' in passwords seems to work now (Closes: #181935)
    Fix permissions to /var/lib/phpgroupware/sessions
    This fixes php4 session type. (Closes: #173871)
  * The descriptions have been improved.
    Closes: #209809, #210153, #209817, #209941, #210043, #210176, #210064,
    #210143, #209692, #209954, #209832, #209980, #209992.

 -- Thomas Viehmann <tv@beamnet.de>  Sat,  3 Jan 2004 21:47:07 +0100

phpgroupware (0.9.14.007-3) unstable; urgency=low

  * Various rules file improvements, allow splitting of source packages
    if desired.
  * Drop packages not yet in sid. (See debian/control.disabled in source.)

 -- Thomas Viehmann <tv@beamnet.de>  Fri,  2 Jan 2004 12:02:19 +0100

phpgroupware (0.9.14.007-2) unstable; urgency=low

  * Some configuration (debconf use) modifications.
    (Good ideas by Jamin W. Collins (thanks!), bad mistakes by myself.)
    - Remove old debconf upgrade notice
    - Erase admin password in postinst/postrm and reprompt
      where needed.
    - Rephrase some questions.
    - Try to guess administrator name.
    - Reduce db options to mysql and postgres.
  * Fixes to the web based configuration in phpGroupWare
    (Again, thanks to Jamin)
    - Add big fat notice about passwords being displayed in header
      configuration until a fix for the fact itself is ready
    - Fix display of "configuration complete" (in setup/index.php)
      before the user has seen setup/config.php.
    - Improve some language-output. (English only, this needs to be
      better.)
  * Include some modules that had not been in control file.
  * Grant locking rights to phpgroupware mysql account (closes: #225342)

 -- Thomas Viehmann <tv@beamnet.de>  Mon, 29 Dec 2003 22:11:50 +0100

phpgroupware (0.9.14.007-1) unstable; urgency=low

  * New upstream release
    Security fixes (Closes: #216306):
     - SQL injection in infolog (escaping strings in queries)
     - script injection in calendar
       (holiday files now need extension .txt)
       postinst of calendar will rename files in
       /usr/share/phpgroupware/calendar/phpgroupware.org
  * Remove empty phpgroupware/examples directory
    (Suggestion by Uwe Steinmann, thanks)
  * Fix permissions of files directory (Closes: #207797)
  * New Debian maintainer.
  * Remove link /usr/share/phpgroupware/files, this is needed
    to fix vfs storage problem noted in CAN-2003-0599 and
    addressed by version 0.9.14.005.
  * Fold phpgroupware-core package into phpgroupware.
  * Tweak the build process to weed out lintian errors and reduce
    the number of warnings.

 -- Thomas Viehmann <tv@beamnet.de>  Thu, 11 Dec 2003 17:42:11 +0100

phpgroupware (0.9.14.006-1) unstable; urgency=low

  * Inofficial release not for debian general usage.
  * New upstream release
  * Corrected illfix to #183896. (Correction pointed out by Luca.)

 -- Thomas Viehmann <tv@beamnet.de>  Wed,  6 Aug 2003 20:45:19 +0200

phpgroupware (0.9.14.005-1) unstable; urgency=low

  * New upstream version
  
    Includes security fixes for
    - cross site scripting (CAN-2003-0504),
      see <http://www.security-corporation.com/articles-20030702-005.html>
    - sql insertion (CAN-2003-0657)
    - vfs storage in document dir now prohibited (CAN-2003-0599)
    - Remove $appdir in includes in tables_update.inc.php to prevent
      execution of arbitrary scripts.
    Closes: #201980

  * Repackaging more or less from scratch.
    - Used parts from Luca's / Tilo's packaging.
      See changelog.old.gz for details.
    - Undo source split.
  * Skip invocation wwwconfig-common's utils when they're not present.
    (Closes: #183896)
  * Call db_stop after debhelper includes. (Closes: #164354)
  * Add patch by Toni Mueller to fix manageheader.php's inclusion of
    header.inc.php. (Closes: #183991).

 -- Thomas Viehmann <tv@beamnet.de>  Sun, 13 Jul 2003 23:32:46 +0200