phpgroupware (0.9.16.005-3.sarge0) stable-security; urgency=high * Security fix for xmlrpc bug that could allow execution of arbitrary PHP code. This is analogous to CAN-2005-1921 in the CVE. -- Thomas Viehmann Thu, 7 Jul 2005 22:49:48 +0200 phpgroupware (0.9.16.005-3) unstable; urgency=high * (almost) translation only update, thus urgency=high. - Updated ja.po by Hideki Yamane. Thanks and sorry for the delay in uploading it. Closes: #298182. - Updated de.po and fr.po myself. * Fix version information on login screen. -- Thomas Viehmann Wed, 16 Mar 2005 18:29:25 +0100 phpgroupware (0.9.16.005-2) unstable; urgency=low * Fix capitalization bug with phpgroupware/webserver debconf both Closes: #280735 * Add apache2 support. Closes: #170830. My apologies to the translators for having to change the templates. (I took the wording from phpMyAdmin, maybe you or I can cut and paste from there.) * Add CANs for security bug fixes in 0.9.16.005-1. Thanks to Joey Hess for the research. * Add lintian override for CVS in orig.tar.gz. -- Thomas Viehmann Fri, 4 Mar 2005 17:58:58 +0100 phpgroupware (0.9.16.005-1) unstable; urgency=high * New upstream release - Fixes security-related bugs (thus the urgency=high) forum, polls, preferences, projects, tts, wiki: HTML and SQL insertion CVE-Database IDs: CAN-2004-1383, CAN-2004-1384, CAN-2004-1385 (Closes: #290773) - Lifts unnecessary LDAP version restrictions (Closes: #285024) * Fix wrong message in phpgroupware.config (Closes: #271668) * Update German debconf translations (Closes: #281135) Thanks you, Erik Schanze. * Fix typo in configure script (Closes: #271925) * Quote the php_value session.save_path parameter in /etc/phpgroupware/apache.conf (Closes: #266348). * Work around zsh build problems in debian/rules. My apologies for not fixing the config bugs yet, but the security update is kind of urgent. -- Thomas Viehmann Sun, 16 Jan 2005 17:49:26 +0100 phpgroupware (0.9.16.003-1) unstable; urgency=medium * Upstream (partly security) update. - Fixes cross-site scripting bug in the wiki module. - Upstream fixes all over the place, particulary adressbook, calendar. - Some new or updated translations and documentation. -- Thomas Viehmann Mon, 6 Sep 2004 21:07:35 +0200 phpgroupware (0.9.16.002-1) unstable; urgency=medium * Upstream security update. * Folded some more license stuff into debian/copyright. * Drop build-dependency on essential package findutils. -- Thomas Viehmann Sun, 1 Aug 2004 20:27:23 +0200 phpgroupware (0.9.16.001-1) unstable; urgency=low * New upstream bugfix release. - Upstream included patch by bug submitter Martin Peylo to fix phpgroupware-headlines sql syntax error. Thanks. Closes: #255798. * Added phpgw-projects dependency on addressbook reported by Rasmus Hansen. Thanks. Closes: #257270. * Added Japanese debconf translation, thanks go to Hideki Yamane (and the other developers and users that helped). Closes: #258700. -- Thomas Viehmann Mon, 19 Jul 2004 20:29:22 +0200 phpgroupware (0.9.16.000.1.cvs.20040620-1) unstable; urgency=low * Sync with upstream's fixes for stable branch in coordination with upstream release manager. Small fixes all over the place, including - remove "=" in example phpgw-apache.conf (Closes: #252044) - fix admin hooks in sitemgr (Closes: #252220) - fix sql escaping in wiki (default_records.php, Closes: #253201) * Add doc symlinks. Closes: #234414. * Add french debconf translation by R. Pannequin. Thanks! Closes: #248371. * Updated apache configuration. * Added note about configuring PostgreSQL to README.Debian. -- Thomas Viehmann Mon, 21 Jun 2004 20:35:29 +0200 phpgroupware (0.9.16.000-1-2) unstable; urgency=low * Eliminate some prompting. * Allow building of non-Debian packages with extra packages. * Remove phpgroupware-chora from Debian packages (unsatisfiable dependency). Closes: #242522. * The netsaint module is gone in 0.9.16, thus there is no wrong Recommends any more. Closes: #240556 (In addition, the Recommends was updated in control.disabled, in case netsaint should be reintroduced.) -- Thomas Viehmann Fri, 9 Apr 2004 16:57:12 +0200 phpgroupware (0.9.16.000-1-1) unstable; urgency=low * New upstream release - Fixes PostgreSQL problems. Closes: #204674, #208994 - phpGroupWare is believed to work without register_globals = On in php.ini. Closes: #167299 - Removed patches included upstream. Yay! * Merges from 0.9.14 packaging - minor changes to debian/rules - rewrite of config maintainer script, allow backoff. Closes: #191583 * Update header.inc.php generation for 0.9.16. * Finally switch to po-debconf. Closes: #93586, #235495. * The inv module has been dropped upstream and here. But I noted the dependency in debian/control.disabled should it come back. (Closes: #234415) * Expanded README.Debian. * Spellchecked control and debconf template. * Added apache conf.d support to maintainer scripts. -- Thomas Viehmann Sat, 10 Jan 2004 19:28:14 +0100 phpgroupware (0.9.14.007-4) unstable; urgency=low * Uwe Steinmann and Jamin W. Collins did some more bug research. Quite a few were closed by the packaging changes and upstream bug fixing. - Preservation of user changes (Closes: #170820) - Configuration of apache-ssl on initial install (Closes: #166574) - fixed postrm bug dupe (Closes: #170841) - ldap schema now included (Closes: #197702) - README.Debian was written. (Closes: #170818) - Version display on login page even shows debian revision (Closes: #166579) - wwwconfig-common not called if removed during purge (Closes: #211161, #211639) - wwwconfig-common bug in mysql execution fixed (Closes: #207777) - '&' in passwords seems to work now (Closes: #181935) Fix permissions to /var/lib/phpgroupware/sessions This fixes php4 session type. (Closes: #173871) * The descriptions have been improved. Closes: #209809, #210153, #209817, #209941, #210043, #210176, #210064, #210143, #209692, #209954, #209832, #209980, #209992. -- Thomas Viehmann Sat, 3 Jan 2004 21:47:07 +0100 phpgroupware (0.9.14.007-3) unstable; urgency=low * Various rules file improvements, allow splitting of source packages if desired. * Drop packages not yet in sid. (See debian/control.disabled in source.) -- Thomas Viehmann Fri, 2 Jan 2004 12:02:19 +0100 phpgroupware (0.9.14.007-2) unstable; urgency=low * Some configuration (debconf use) modifications. (Good ideas by Jamin W. Collins (thanks!), bad mistakes by myself.) - Remove old debconf upgrade notice - Erase admin password in postinst/postrm and reprompt where needed. - Rephrase some questions. - Try to guess administrator name. - Reduce db options to mysql and postgres. * Fixes to the web based configuration in phpGroupWare (Again, thanks to Jamin) - Add big fat notice about passwords being displayed in header configuration until a fix for the fact itself is ready - Fix display of "configuration complete" (in setup/index.php) before the user has seen setup/config.php. - Improve some language-output. (English only, this needs to be better.) * Include some modules that had not been in control file. * Grant locking rights to phpgroupware mysql account (closes: #225342) -- Thomas Viehmann Mon, 29 Dec 2003 22:11:50 +0100 phpgroupware (0.9.14.007-1) unstable; urgency=low * New upstream release Security fixes (Closes: #216306): - SQL injection in infolog (escaping strings in queries) - script injection in calendar (holiday files now need extension .txt) postinst of calendar will rename files in /usr/share/phpgroupware/calendar/phpgroupware.org * Remove empty phpgroupware/examples directory (Suggestion by Uwe Steinmann, thanks) * Fix permissions of files directory (Closes: #207797) * New Debian maintainer. * Remove link /usr/share/phpgroupware/files, this is needed to fix vfs storage problem noted in CAN-2003-0599 and addressed by version 0.9.14.005. * Fold phpgroupware-core package into phpgroupware. * Tweak the build process to weed out lintian errors and reduce the number of warnings. -- Thomas Viehmann Thu, 11 Dec 2003 17:42:11 +0100 phpgroupware (0.9.14.006-1) unstable; urgency=low * Inofficial release not for debian general usage. * New upstream release * Corrected illfix to #183896. (Correction pointed out by Luca.) -- Thomas Viehmann Wed, 6 Aug 2003 20:45:19 +0200 phpgroupware (0.9.14.005-1) unstable; urgency=low * New upstream version Includes security fixes for - cross site scripting (CAN-2003-0504), see - sql insertion (CAN-2003-0657) - vfs storage in document dir now prohibited (CAN-2003-0599) - Remove $appdir in includes in tables_update.inc.php to prevent execution of arbitrary scripts. Closes: #201980 * Repackaging more or less from scratch. - Used parts from Luca's / Tilo's packaging. See changelog.old.gz for details. - Undo source split. * Skip invocation wwwconfig-common's utils when they're not present. (Closes: #183896) * Call db_stop after debhelper includes. (Closes: #164354) * Add patch by Toni Mueller to fix manageheader.php's inclusion of header.inc.php. (Closes: #183991). -- Thomas Viehmann Sun, 13 Jul 2003 23:32:46 +0200