2006
phpgroupware (0.9.16.011-2.2) unstable; urgency=low
* Non-maintainer upload.
* Remove php5 as alternative, as phpgroupware is incompatible with php5.2.
Closes: #401045
-- Andreas Barth <aba@not.so.argh.org> Fri, 8 Dec 2006 22:38:08 +0000
phpgroupware (0.9.16.011-2.1) unstable; urgency=low
* Non-maintainer upload.
* Add missing depends on mysql-client | postgresql-client, since these
are used in the package's postinst (Closes: #398635).
* Update FSF address in debian/*copyright.
-- Thijs Kinkhorst <thijs@debian.org> Thu, 30 Nov 2006 09:56:08 +0100
phpgroupware (0.9.16.011-2) unstable; urgency=low
* Fix Depends typo to read php5-mysql (Closes: #387445, #388039)
-- Andrew Mitchell <ajmitch@debian.org> Mon, 2 Oct 2006 23:42:33 +1300
phpgroupware (0.9.16.011-1) unstable; urgency=high
* New upstream release
- Fixes CVE-2006-4458 (Closes: #386061)
- Supports mysql 4.1+ & postgresql 8 (Closes: #328439)
* Add apache2 & php5 to dependencies
* Enable php5 compatibility mode in header.inc.php.template
* Restart apache2 in postinst (Closes: #314417)
* Include Swedish & Dutch debconf template translations
(Closes: #342037, #364914)
* Thanks to Steinar H. Gunderson for NMU
-- Andrew Mitchell <ajmitch@debian.org> Mon, 11 Sep 2006 22:53:41 +1200
phpgroupware (0.9.16.010+dfsg-0.1) unstable; urgency=high
* Non-maintainer upload. * Repack upstream tarball to remove non-DFSG free material. (Closes: #365201) * Remove rfc2445.txt from the upstream tarball. * Update the .kpf file to reflect the removal.
-- Steinar H. Gunderson <sesse@debian.org> Tue, 6 Jun 2006 12:21:31 +0200
2005
phpgroupware (0.9.16.010-1) unstable; urgency=low
* New upstream release * New maintainer
-- Andrew Mitchell <ajmitch@debian.org> Thu, 22 Dec 2005 10:03:11 +1300
phpgroupware (0.9.16.009-1) unstable; urgency=high
* New upstream release
* Features security fix to fudforum (scripting files could be uploaded
using the avatar image feature), CAN-2005-2781. Closes: #340094.
-- Thomas Viehmann <tv@beamnet.de> Wed, 23 Nov 2005 20:48:29 +0100
phpgroupware (0.9.16.008-2) unstable; urgency=high
* Security fix for phpgroupware-phpsysinfo based on work by the
Martin Schulze of the Debian security team, thanks.
- Fixed cross-site-scripting [phpsysinfo/includes/system_footer.php,
phpsysinfo/includes/system_header.php, CVE-2005-0870]
- Fixed arbitrary file inclusion [phpsysinfo/index.php, CVE-2005-3347]
- Initialise charset variable to prevent cross-site scripting
[phpsysinfo/index.php, CVE-2005-3348]
-- Thomas Viehmann <tv@beamnet.de> Tue, 15 Nov 2005 18:48:28 +0100
phpgroupware (0.9.16.008-1) unstable; urgency=high
* New upstream release
Security fixes:
- for FUDForum Information Disclosure - see CAN-2005-2600
in phpgroupware-fudforum. Closes: #323929
- Global XSS fix in phpgroupware-phpgwapi (no CAN)
- Security: Disabled XMLRPC (as upstream does) - see CAN-2005-2498
Closes: #323349
* Removed transitional package phpgroupware-core (Closes: #322060)
* Included Czech translation, thank you, Miroslav Kure (Closes: #318794)
-- Thomas Viehmann <tv@beamnet.de> Tue, 30 Aug 2005 00:12:58 +0200
phpgroupware (0.9.16.006-1) unstable; urgency=high
* New upstream release
This includes an urgent security fix for xmlrpc bug that could allow
execution of arbitrary PHP code.
This is analogous to CAN-2005-2116 in the CVE.
As this is very urgent, all debian maintainer script updates are
postponed.
* Added Vietnamese translation of the debconf template.
Thanks go to Clytie Siddall for the translation and patch.
Closes: #316835.
-- Thomas Viehmann <tv@beamnet.de> Wed, 6 Jul 2005 17:43:38 +0200
phpgroupware (0.9.16.005-5) unstable; urgency=high
* Drop phpgroupware-forum binary package, as it's too broken for release
and the fixes would be too intrusive.
Closes: #311646.
* Add a note about ACLs and permissions to README.Debian to clarify
the behaviour that led to #306980.
-- Thomas Viehmann <tv@beamnet.de> Fri, 3 Jun 2005 16:49:01 +0200
phpgroupware (0.9.16.005-4) unstable; urgency=high
* Change file location to better default on the setup page.
Closes: #306969.
* Fix postinst of phpgroupware. Failing postinst is RC,
thus, this is urgency=high. Closes: #306968.
Thanks to Steve Greenland for observing these.
-- Thomas Viehmann <tv@beamnet.de> Sun, 1 May 2005 14:47:08 +0200
phpgroupware (0.9.16.005-3) unstable; urgency=high
* (almost) translation only update, thus urgency=high.
- Updated ja.po by Hideki Yamane. Thanks and sorry for the delay in
uploading it. Closes: #298182.
- Updated de.po and fr.po myself.
* Fix version information on login screen.
-- Thomas Viehmann <tv@beamnet.de> Wed, 16 Mar 2005 18:29:25 +0100
phpgroupware (0.9.16.005-2) unstable; urgency=low
* Fix capitalization bug with phpgroupware/webserver debconf both
Closes: #280735
* Add apache2 support. Closes: #170830.
My apologies to the translators for having to change the templates.
(I took the wording from phpMyAdmin, maybe you or I can cut and
paste from there.)
* Add CANs for security bug fixes in 0.9.16.005-1.
Thanks to Joey Hess for the research.
* Add lintian override for CVS in orig.tar.gz.
-- Thomas Viehmann <tv@beamnet.de> Fri, 4 Mar 2005 17:58:58 +0100
phpgroupware (0.9.16.005-1) unstable; urgency=high
* New upstream release
- Fixes security-related bugs (thus the urgency=high)
forum, polls, preferences, projects, tts, wiki: HTML and SQL
insertion
CVE-Database IDs: CAN-2004-1383, CAN-2004-1384, CAN-2004-1385
(Closes: #290773)
- Lifts unnecessary LDAP version restrictions (Closes: #285024)
* Fix wrong message in phpgroupware.config (Closes: #271668)
* Update German debconf translations (Closes: #281135)
Thanks you, Erik Schanze.
* Fix typo in configure script (Closes: #271925)
* Quote the php_value session.save_path parameter in
/etc/phpgroupware/apache.conf (Closes: #266348).
* Work around zsh build problems in debian/rules.
My apologies for not fixing the config bugs yet, but the security update
is kind of urgent.
-- Thomas Viehmann <tv@beamnet.de> Sun, 16 Jan 2005 17:49:26 +0100
2004
phpgroupware (0.9.16.003-1) unstable; urgency=medium
* Upstream (partly security) update.
- Fixes cross-site scripting bug in the wiki module.
- Upstream fixes all over the place, particulary adressbook, calendar.
- Some new or updated translations and documentation.
-- Thomas Viehmann <tv@beamnet.de> Mon, 6 Sep 2004 21:07:35 +0200
phpgroupware (0.9.16.002-1) unstable; urgency=medium
* Upstream security update. * Folded some more license stuff into debian/copyright. * Drop build-dependency on essential package findutils.
-- Thomas Viehmann <tv@beamnet.de> Sun, 1 Aug 2004 20:27:23 +0200
phpgroupware (0.9.16.001-1) unstable; urgency=low
* New upstream bugfix release.
- Upstream included patch by bug submitter Martin Peylo to fix
phpgroupware-headlines sql syntax error. Thanks.
Closes: #255798.
* Added phpgw-projects dependency on addressbook reported
by Rasmus Hansen. Thanks. Closes: #257270.
* Added Japanese debconf translation, thanks go to Hideki Yamane
(and the other developers and users that helped). Closes: #258700.
-- Thomas Viehmann <tv@beamnet.de> Mon, 19 Jul 2004 20:29:22 +0200
phpgroupware (0.9.16.000.1.cvs.20040620-1) unstable; urgency=low
* Sync with upstream's fixes for stable branch in coordination with
upstream release manager.
Small fixes all over the place, including
- remove "=" in example phpgw-apache.conf (Closes: #252044)
- fix admin hooks in sitemgr (Closes: #252220)
- fix sql escaping in wiki (default_records.php, Closes: #253201)
* Add doc symlinks. Closes: #234414.
* Add french debconf translation by R. Pannequin. Thanks!
Closes: #248371.
* Updated apache configuration.
* Added note about configuring PostgreSQL to README.Debian.
-- Thomas Viehmann <tv@beamnet.de> Mon, 21 Jun 2004 20:35:29 +0200
phpgroupware (0.9.16.000-1-2) unstable; urgency=low
* Eliminate some prompting.
* Allow building of non-Debian packages with extra packages.
* Remove phpgroupware-chora from Debian packages (unsatisfiable
dependency). Closes: #242522.
* The netsaint module is gone in 0.9.16, thus there is no wrong
Recommends any more. Closes: #240556
(In addition, the Recommends was updated in control.disabled, in
case netsaint should be reintroduced.)
-- Thomas Viehmann <tv@beamnet.de> Fri, 9 Apr 2004 16:57:12 +0200
phpgroupware (0.9.16.000-1-1) unstable; urgency=low
* New upstream release
- Fixes PostgreSQL problems. Closes: #204674, #208994
- phpGroupWare is believed to work without register_globals = On
in php.ini. Closes: #167299
- Removed patches included upstream. Yay!
* Merges from 0.9.14 packaging
- minor changes to debian/rules
- rewrite of config maintainer script, allow backoff. Closes: #191583
* Update header.inc.php generation for 0.9.16.
* Finally switch to po-debconf. Closes: #93586, #235495.
* The inv module has been dropped upstream and here.
But I noted the dependency in debian/control.disabled should it come
back. (Closes: #234415)
* Expanded README.Debian.
* Spellchecked control and debconf template.
* Added apache conf.d support to maintainer scripts.
-- Thomas Viehmann <tv@beamnet.de> Sat, 10 Jan 2004 19:28:14 +0100
phpgroupware (0.9.14.007-4) unstable; urgency=low
* Uwe Steinmann and Jamin W. Collins did some more bug research.
Quite a few were closed by the packaging changes and upstream
bug fixing.
- Preservation of user changes (Closes: #170820)
- Configuration of apache-ssl on initial install (Closes: #166574)
- fixed postrm bug dupe (Closes: #170841)
- ldap schema now included (Closes: #197702)
- README.Debian was written. (Closes: #170818)
- Version display on login page even shows debian revision
(Closes: #166579)
- wwwconfig-common not called if removed during purge
(Closes: #211161, #211639)
- wwwconfig-common bug in mysql execution fixed (Closes: #207777)
- '&' in passwords seems to work now (Closes: #181935)
Fix permissions to /var/lib/phpgroupware/sessions
This fixes php4 session type. (Closes: #173871)
* The descriptions have been improved.
Closes: #209809, #210153, #209817, #209941, #210043, #210176, #210064,
#210143, #209692, #209954, #209832, #209980, #209992.
-- Thomas Viehmann <tv@beamnet.de> Sat, 3 Jan 2004 21:47:07 +0100
phpgroupware (0.9.14.007-3) unstable; urgency=low
* Various rules file improvements, allow splitting of source packages
if desired.
* Drop packages not yet in sid. (See debian/control.disabled in source.)
-- Thomas Viehmann <tv@beamnet.de> Fri, 2 Jan 2004 12:02:19 +0100
2003
phpgroupware (0.9.14.007-2) unstable; urgency=low
* Some configuration (debconf use) modifications.
(Good ideas by Jamin W. Collins (thanks!), bad mistakes by myself.)
- Remove old debconf upgrade notice
- Erase admin password in postinst/postrm and reprompt
where needed.
- Rephrase some questions.
- Try to guess administrator name.
- Reduce db options to mysql and postgres.
* Fixes to the web based configuration in phpGroupWare
(Again, thanks to Jamin)
- Add big fat notice about passwords being displayed in header
configuration until a fix for the fact itself is ready
- Fix display of "configuration complete" (in setup/index.php)
before the user has seen setup/config.php.
- Improve some language-output. (English only, this needs to be
better.)
* Include some modules that had not been in control file.
* Grant locking rights to phpgroupware mysql account (closes: #225342)
-- Thomas Viehmann <tv@beamnet.de> Mon, 29 Dec 2003 22:11:50 +0100
phpgroupware (0.9.14.007-1) unstable; urgency=low
* New upstream release
Security fixes (Closes: #216306):
- SQL injection in infolog (escaping strings in queries)
- script injection in calendar
(holiday files now need extension .txt)
postinst of calendar will rename files in
/usr/share/phpgroupware/calendar/phpgroupware.org
* Remove empty phpgroupware/examples directory
(Suggestion by Uwe Steinmann, thanks)
* Fix permissions of files directory (Closes: #207797)
* New Debian maintainer.
* Remove link /usr/share/phpgroupware/files, this is needed
to fix vfs storage problem noted in CAN-2003-0599 and
addressed by version 0.9.14.005.
* Fold phpgroupware-core package into phpgroupware.
* Tweak the build process to weed out lintian errors and reduce
the number of warnings.
-- Thomas Viehmann <tv@beamnet.de> Thu, 11 Dec 2003 17:42:11 +0100
phpgroupware (0.9.14.006-1) unstable; urgency=low
* Inofficial release not for debian general usage. * New upstream release * Corrected illfix to #183896. (Correction pointed out by Luca.)
-- Thomas Viehmann <tv@beamnet.de> Wed, 6 Aug 2003 20:45:19 +0200
phpgroupware (0.9.14.005-1) unstable; urgency=low
* New upstream version
Includes security fixes for
- cross site scripting (CAN-2003-0504),
see <http://www.security-corporation.com/articles-20030702-005.html>;
- sql insertion (CAN-2003-0657)
- vfs storage in document dir now prohibited (CAN-2003-0599)
- Remove $appdir in includes in tables_update.inc.php to prevent
execution of arbitrary scripts.
Closes: #201980
* Repackaging more or less from scratch.
- Used parts from Luca's / Tilo's packaging.
See changelog.old.gz for details.
- Undo source split.
* Skip invocation wwwconfig-common's utils when they're not present.
(Closes: #183896)
* Call db_stop after debhelper includes. (Closes: #164354)
* Add patch by Toni Mueller to fix manageheader.php's inclusion of
header.inc.php. (Closes: #183991).
-- Thomas Viehmann <tv@beamnet.de> Sun, 13 Jul 2003 23:32:46 +0200