2009
webcalendar (1.2.0+dfsg-4) unstable; urgency=low
* debian/patches/06_send-reminder-paths.diff: Adjust patch to help
translate.php to find the translation files under /etc/webcalendar.
Thanks to Dale and Cheryl Schroeder for the help on debugging this
(really, closes: #531312).
* debian/patches/16_no-blink-public-access-title.diff: New patch for
avoiding the blinking title when changing the Public Access title in
English-US.txt
-- Rafael Laboissiere <rafael@debian.org> Tue, 09 Jun 2009 06:26:24 +0200
webcalendar (1.2.0+dfsg-3) unstable; urgency=low
* debian/links: Add a symbolic link for /etc/webcalendar/translations in
/usr/share/webcalendar, such that the send_reminders.php script runs
without errors (closes: #531312)
* debian/patches/12_documentation-hrefs.diff: Add hunk for changing file
help_edit_entry.php such that the documentation link point to the
SourceForge site instead of locally (closes: #531469)
* debian/patches/15_mktime-php-5.2.8.diff: Add patch for fixing a
problem with multi-day events resulting in segfault when visiting
week.php for users with PHP upgraded to version 5.2.8 or later.
Thanks to Philippe Teuwen for the help in debugging this problem.
(Closes: #530842)
-- Rafael Laboissiere <rafael@debian.org> Sat, 06 Jun 2009 11:08:47 +0200
webcalendar (1.2.0+dfsg-2) unstable; urgency=low
* debian/control: Add sharutils to the build-dependencies (needed for
the uudecode command used in debian/rules)
* debian/patches/14_change-timezone-script.diff: Add patch containing a
script (change-tz.php) that allows the admin user to change the
timezone offset (closes: #528403)
* debian/NEWS: Add a notice about the change above
-- Rafael Laboissiere <rafael@debian.org> Sun, 17 May 2009 18:16:29 +0200
webcalendar (1.2.0+dfsg-1) unstable; urgency=low
[ Rafael Laboissiere ]
* New upstream release.
* debian/control:
+ Drop all dependencies on php4 and apache1 related packages, which
have been removed from unstable
+ Bump Standards-Version to 3.8.1 (add debian/README.source explaining
mentioning the quilt patch system, as required by the Policy)
+ Use viewsvn instead of wsvn in Vcs-Browser
* Switch from dpatch to quilt
* Synch with lenny t-p-u branch
* debian/lintian-overrides: Add override for the use of the
class.phpmailer.php. Unfortunately, there are many differences between
the library provided in the upstream sources and that provided by the
libphp-phpmailer package. It would be risky to make webcalendar use
the later.
* debian/rules: Call dh_lintian
* debian/control, debian/compat: Bump build-dependency on debhelper to
>= 6.0.7~, otherwise the dh_lintian command will not be found
* Drop the non-free font COLLEGE.ttf (closes: #515191):
+ debian/DejaVuSans-Bold-Numbers-Letters.ttf.uu: Use this font to
replace COLLEGE.ttf. It was composed from the DejaVuSans-Bold TT font
by restricting the available characters to the numbers and the ASCII
letters. It is UUencoded because dpkg-source cannot put binary files
in the diff.gz file.
+ debian/rules:
- (configure-stamp): Install in includes/classes/captcha
the TT font DejaVuSans-Bold-Numbers-Letters.ttf
- (clean-patched): Clean the installed TT font
- (get-orig-source): Add rule for creating the DFSG-compliant
upstream tarball by excluding the COLLEGE.ttf file
+ debian/watch: Adapt the options for taking care of the +dfsg
addition to the upstream version number
* debian/control: The Debian packaging files are now maintained through
a Git repository at alioth.debian.org. Switch the Vcs-* URLs to Git,
accordingly.
* debian/sql/upgrade-pgsql/{1.1.2-1,1.1.5-1}: Upgrades no longer result
in a corrupted database when using Postgres. Thanks to James Barrett
for the patch.
[ Elizabeth Krumbach ]
* Add php5-ldap to suggests and added info about ldap auth so it shows
up for search for ldap compatible calendars (closes: LP: #304267)
-- Rafael Laboissiere <rafael@debian.org> Sun, 10 May 2009 10:31:33 +0200
2008
webcalendar (1.0.5-15lenny1) testing-proposed-updates; urgency=low
* debian/po/sv.po: Add Swedish translation of the debconf templates,
thanks to Martin Bagge (closes: #502142)
-- Rafael Laboissiere <rafael@debian.org> Wed, 15 Oct 2008 23:48:03 +0200
webcalendar (1.2~b1-2) experimental; urgency=low
* Synched with the unstable branch
* debian/watch: Mangle tilde in upstream version
* debian/rules: Symlink the prototype.js file into its appropriate
location in the JavaScript Protoype library. This avoids the
inclusion of convenience code, complying with the Policy Manual
section 4.13.
* debian/control: Depend on libjs-prototype
-- Rafael Laboissiere <rafael@debian.org> Sun, 31 Aug 2008 22:30:29 +0200
webcalendar (1.0.5-16) unstable; urgency=low
[ Elizabeth Bevilacqua ]
* debian/patches/03_login_lean.dpatch required description (fixes lintian
warning).
* Added note to README.Debian about where in docroot webcalendar is
installed to (closes: 491642)
[ Rafael Laboissiere ]
* debian/control: Bump Standards-Version to 3.8.0 (no changes needed)
-- Rafael Laboissiere <rafael@debian.org> Sun, 31 Aug 2008 15:10:46 +0200
webcalendar (1.2~b1-1) experimental; urgency=low
* New upstream release
* dpatches adjusted for this new release:
+ 01_config_patch
+ 02_pgsql_patch
+ 06_send-reminder-paths
+ 13_CVE-2007-6696 (this one was partly applied upstream)
-- Rafael Laboissiere <rafael@debian.org> Mon, 03 Mar 2008 21:23:25 +0100
webcalendar (1.1.6-7) experimental; urgency=low
* debian/patches/13_CVE-2007-6696.dpatch: Fixes for the three cross-site
scripting (XSS) vulnerabilites described in CVE-2007-6696 (closes:
#466935)
* debian/sql/upgrade-*/1.1.6-7: Force the ALLOW_HTML_DESCRIPTION
configuration variable to 'N', as part of the fix for the
vulnerability above
* debian/NEWS.Debian: Add a note explaining the conservative change of
ALLOW_HTML_DESCRIPTION
-- Rafael Laboissiere <rafael@debian.org> Sun, 24 Feb 2008 00:47:40 +0100
2007
webcalendar (1.1.6-6) experimental; urgency=low
* Synched with the unstable branch
-- Rafael Laboissiere <rafael@debian.org> Wed, 19 Dec 2007 01:10:47 +0100
webcalendar (1.0.5-15) unstable; urgency=low
* debian/patches/01_config_patch.dpatch: Adjusted patch to use $_SERVER
instead of $_ENV in order to correctly access Apache environment
variables, allowing the specification of alternate settings.conf
files. Thanks to B. Plagge for the patch. Closes: #461174.
* debian/copyright: Added proper copyright statements and licensing
conditions
-- Rafael Laboissiere <rafael@debian.org> Sun, 10 Feb 2008 18:31:27 +0100
webcalendar (1.1.6-5) experimental; urgency=low
* Synched with the unstable branch
* debian/control: Dropped the Homepage pseudo-header from the extended
description
-- Rafael Laboissiere <rafael@debian.org> Wed, 19 Dec 2007 01:10:47 +0100
webcalendar (1.0.5-14) unstable; urgency=low
* debian/control: Bumped Standards-Version to 3.7.3 (no changes needed)
* debian/po/fi.po: Added Finnish translation of the debconf templates,
thanks to Esko Arajärvi (closes: #456982)
-- Rafael Laboissiere <rafael@debian.org> Wed, 19 Dec 2007 00:55:08 +0100
webcalendar (1.1.6-4) experimental; urgency=low
* Synched with the unstable branch
-- Rafael Laboissiere <rafael@debian.org> Tue, 27 Nov 2007 18:16:56 +0100
Old changelog format(s), not parsed
webcalendar (1.0.5-13) unstable ; urgency=low
[ Elizabeth Bevilacqua ]
* Added www-data user to crontab (closes: #452176)
[ Rafael Laboissiere ]
* debian/control: Use the now official Vcs-* fields instead of the
obsolete XS-Vcs-*
-- Elizabeth Bevilacqua <lyz@princessleia.com> Wed, 21 Nov 2007 11:35:06 -0500
webcalendar (1.1.6-3) experimental; urgency=low
[ Elizabeth Bevilacqua ]
* Added database info to README.Debian
* Added SQLite3 to list of supported databases in package description
[ Rafael Laboissiere ]
* debian/patches/12_documentation-hrefs.dpatch: Fix hrefs for the HTML
documentation links, pointing them to the CVS repository at
SourceForge, instead of letting them point to inexistent local files
-- Rafael Laboissiere <rafael@debian.org> Tue, 02 Oct 2007 11:16:39 +0200
webcalendar (1.1.6-2) experimental; urgency=low
[ Rafael Laboissiere ]
* Really makes the package work with SQLite:
+ debian/sql/install-sqlite3/tables-sqlite3.pl: Added dbconfig-common
script for populating the database
+ debian/sql/upgrade-sqlite/*: Remove upgrade script because they are
not necessary, since the SQLite support has never worked before this
release
+ debian/{install, link}: Install and link the tables-sqlite3.pl script
+ debian/config: Replace sqlite by sqlite3 in the list of DBMS
alternatives
+ debian/patches/10_load-sqlite-db.dpatch: Load SQLite database file
as specified by the dbconfig-common configuration
+ debian/patches/11_use-sqlite3.dpatch: Adapt dbi4php.php to use
sqlite3 API functions
as specified by the dbconfig-common configuration
+ debian/settings.conf: Define the "basepath" variable
+ debian/postinst:
- Replace "basepath" by the value set by dbconfig-common
- Ensure that dbc_dbuser and dbc_dbpass are set to "non" when
undefined
- Initialize variables dbc_dbfile_owner and dbc_dbfile_perms to sane
values (this is needed for the creation of the SQLite database
file by dbconfig-common
-- Rafael Laboissiere <rafael@debian.org> Sat, 29 Sep 2007 08:47:37 +0200
webcalendar (1.1.6-1) experimental; urgency=low
* New upstream release:
+ debian/patches/07_SA23341-xss-vulnerability.dpatch: Dropped patch
(applied upstream)
+ debian/sql/upgrade-*/1.1.6-1: Added SQL scripts for setting the
program version in the WebCalendar database at upgrade
* debian/control: Added Homepage field and pseudo-header
* debian/rules: Check whether the release will be uploaded to
experimental, avoiding accidental uploads to unstable
-- Rafael Laboissiere <rafael@debian.org> Sat, 22 Sep 2007 09:46:15 +0200
webcalendar (1.1.5-2) experimental; urgency=low
* debian/sql/upgrade-{my,pg}sql/1.1.5-2: Enable JavaScript menus when
upgrading from previous versions. These menus are new in the 1.1.*
series and are enabled by default in 1.1.5. However, they were but
were disabled by default in 1.1.2. Since the 1.1.2 version of the
Debian package was never in unstable/testing, we think it is
appropriate to force the setting of the MENU_ENABLED configuration
variable.
* debian/sql/upgrade-sqlite/1.1.5-*: Added scripts for upgrading from
1.1.2 when SQLite database was chosen
* debian/patches/09_user-public-access.dpatch: When viewing the public
calendar, do not show "Current User: Public Access" in the footer of
the pages, which may be confusing for some users who do not know (or
care) about the WebCalendar concept of user. The "Login" string is
still shown. Note that this change is moot when enabling the top
menu. Closes: Bug# 293646.
-- Rafael Laboissiere <rafael@debian.org> Fri, 14 Sep 2007 16:53:06 +0200
webcalendar (1.1.5-1) experimental; urgency=low
* New upstream release:
+ debian/patches/09_quote-edit-template.dpatch,
10_include-header-trailer.dpatch: Dropped patches (applied
upstream)
+ debian/rules: Fixed wrong permission of some installed files
* debian/watch: Use the qa.debian.org redirector, avoiding SF's
difficult mirror system
* debian/sql/upgrade-{my,pg}sql/1.1.5-1: Added upgrading SQL scripts
-- Rafael Laboissiere <rafael@debian.org> Mon, 10 Sep 2007 20:53:38 +0200
webcalendar (1.1.2-4) experimental; urgency=low
* Synched with the unstable branch (1.0.5-12)
* debian/preinst: Cope with the obsolete configuration file
/etc/webcalendar/translations/Japanese-utf8.txt by using dpkg-query
instead of using a hard-coded md5sum number (code suggested in
http://wiki.debian.org/DpkgConffileHandling)
* debian/rules: Added code to the binary target to warn when the
distribution is not set to "experimental" in debian/changelog. This
will help avoiding accidental uploads to unstable.
-- Rafael Laboissiere <rafael@debian.org> Sat, 16 Jun 2007 17:33:58 +0200
webcalendar (1.0.5-12) unstable; urgency=low
* debian/docs: Added {README,NEWS].Debian to the list of files to
install. The NEWS file existed since version 1.0.5-1 of the
package, but was never included in the .deb (and hence never noticed
by apt-listchanges).
* debian/cron.d: Fixed shell syntax in cron command
* debian/patches/08_RFC-2045-2822-reminders.dpatch: Added patch for
making send_reminder.php comply with RFC 2822 (correct encoding of
non-ASCII characters in the Subject field, thanks to Jörg Sommrey,
closes: #428331) and RFC 2045 (appropriate Content-type header)
-- Rafael Laboissiere <rafael@debian.org> Sat, 16 Jun 2007 17:06:07 +0200
webcalendar (1.1.2-3) experimental; urgency=low
* Synched with the unstable branch (1.0.5-10 and 1.0.5-11)
* debian/control: Added php5-sqlite3 to Depends and sqlite3 to
Recommends, which were wrongly absent
-- Rafael Laboissiere <rafael@debian.org> Sun, 10 Jun 2007 17:57:08 +0200
webcalendar (1.0.5-11) unstable; urgency=low
* debian/NEWS.Debian: Fixed version number of last entry, such that
users who have apt-listchanges and upgrade to this version will see
the important changes done in 1.0.5-10
-- Rafael Laboissiere <rafael@debian.org> Sun, 10 Jun 2007 17:47:37 +0200
webcalendar (1.0.5-10) unstable; urgency=low
* Added php(4|5)-cli to Depends (used for reminders)
* Updated cron.d/webcalendar entry (used for reminders)
* Added README.Debian
-- Elizabeth Bevilacqua <lyz@princessleia.com> Sat, 9 Jun 2007 21:47:11 -0400
webcalendar (1.1.2-2) experimental; urgency=low
* Synched with the unstable branch (1.0.5-8 and 1.0.5-9), containing
lots of Debconf translation updates
-- Rafael Laboissiere <rafael@debian.org> Sun, 27 May 2007 15:11:48 +0200
webcalendar (1.0.5-9) unstable; urgency=low
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project. (closes: #422340)
* Debconf translation updates:
+ debian/po/pt_BR: Updated Portuguese Brazilian translation, thanks to
Herbert P. Fortes Neto (closes: #425611)
+ debian/po/nl.po: Added Dutch translation, thanks to Bart Cornelis
(closes: #425713)
+ debian/po/es.po: Updated Spanish translation, thanks to Javier
Fernández-Sanguino Peña (closes: #425849)
+ debian/po/pt.po: Updated Portuguese translation, thanks to Luísa
Lourenço (closes: #426133)
-- Rafael Laboissiere <rafael@debian.org> Sun, 27 May 2007 14:47:28 +0200
webcalendar (1.0.5-8) unstable; urgency=low
* debconf templates translations:
+ debian/po/de.po: Updated German translation, thanks to Helge Kreutzmann
(closes: #423877)
+ debian/po/fr.po: Updated French translation, thanks to Steve
(closes: #424072)
+ debian/po/eu.po: Added Basque translation, thanks to Piarres Beobide
(closes: #424771)
* debian/apache.conf: Only set the environment variable
WEBCALENDAR_CONFIG_FILE is mod_env is loaded (closes: #424777)
* debian/NEWS.Debian: Added a note about the change above
-- Rafael Laboissiere <rafael@debian.org> Thu, 17 May 2007 15:05:15 +0200
webcalendar (1.1.2-1) experimental; urgency=low
[ Rafael Laboissiere ]
* New upstream release. This is a development upstream release, hence
the upload to experimental.
* This release allows external files to be included as header/trailer
(closes: #293648)
* dpatches adapted for 1.1.2:
+ 01_config_patch
+ 02_pgsql_patch
+ 03_login_lean
+ 04_php-perl-paths
+ 07_SA23341-xss-vulnerability
* Removed dpatch:
+ 05_translations-french-utf8
* Added dpatches:
+ 08_db-load-config: Load the configuration settings if
WEBCAL_PROGRAM_VERSION is not present in the webcal_config table or
if it corresponds to an old version of WebCalendar. This will avoid
launching the Installation Wizard when visiting the web page at the
first time.
+ 09_quote-edit-template: Fix a typo that was preventing custom
header/trailer edition. This is taken from the Help/Troubleshooting
forum of the WebCalendar project at SourceForge (#1734121)
+ 10_include-header-trailer: Allow leading/trailing whitespaces in
file name specified for custom header/trailer inclusion. Also,
fixes a small typo that was making the file name appear in the web
page along with its HTML contents. This patch was proposed to the
Patch Tracker of the WebCalendar project at SourceForge (#1719102
and #1719114).
* debian/watch: Adjusted for the development tarballs at SourceForge
* debian/rules:
+ Fixed permissions of some installed files
+ Removed extra license file phpmailer/LICENSE
* debian/copyright: Added copyright statement and licensing terms for
files in /www/includes/classes/phpmailer/
* debian/sql/upgrade-{my,pg}sql/1.1.2-1: Added upgrade files. Some
SQL is taken from install/{index,install_functions}.php.
* debian/install:
+ Adjusted for the new upgrade SQL scripts
+ Give correct path for files tables-*.sql, which are now in
install/sql/ instead of the top source directory
+ Install images/ and themes/ directories in the web area
* Added support for SQLite (closes: #407698, #407700)
+ debian/control:
- Depends on the php*-sqlite* packages
- Added SQLite to the list of supported DBMS
+ debian/webcalendar.config: Added sqlite to the dbc_dbtypes list
+ debian/webcalendar.links: Added link for tables-sqlite.sql
* debian/preinst: Added maintainer script for removing the
"configuration" file /etc/webcalendar/translations/Japanese-utf8.txt
left behind by version 1.0.5. The md5sum is checked before removal.
[ Elizabeth Bevilacqua ]
* dpatches adapted for 1.1.2:
+ 06_send-reminder
-- Rafael Laboissiere <rafael@debian.org> Tue, 15 May 2007 13:06:37 +0200
webcalendar (1.0.5-7) unstable; urgency=low
* debian/control:
+ Changed Maintainer to WebCalendar Debian package development
<rafael-webcalendar@debian.org> and added Elizabeth Bevilacqua to
the list of Uploaders
+ Depends on dbconfig-common >= 1.8.33, because this version fixes
the nasty Bug#418479, which prevents proper installation of
webcalendar (closes: #419380)
-- Rafael Laboissiere <rafael@debian.org> Sun, 13 May 2007 16:41:19 +0200
webcalendar (1.0.5-6) unstable; urgency=low
* debian/po/cs.po: Updated Czech translation, thanks to Miroslav Kure
(closes: #423501)
-- Rafael Laboissiere <rafael@debian.org> Sat, 12 May 2007 14:26:43 +0200
webcalendar (1.0.5-5) unstable; urgency=low
* debian/po/gl.po: Galician translation, thanks to Jacobo Tarrio
(closes: #423372)
-- Rafael Laboissiere <rafael@debian.org> Sat, 12 May 2007 11:56:36 +0200
webcalendar (1.0.5-4) unstable; urgency=low
* debian/control: Suggests php4-gd or php5-gd (this allows gradient
colors in the background of table cells)
* Stripped the "webcalendar." prefix from various file names in debian/
* debian/control, debian/templates: Reviewed English text, thanks to
Christian Perrier and the debian-l10n-english team (closes: #422340)
-- Rafael Laboissiere <rafael@debian.org> Thu, 10 May 2007 12:05:49 +0200
webcalendar (1.0.5-3) unstable; urgency=low
* Added php5 support (closes: 393832, 419570)
-- Elizabeth Bevilacqua <lyz@princessleia.com> Mon, 23 Apr 2007 11:50:50 -0400
webcalendar (1.0.5-2) unstable; urgency=low
[ Rafael Laboissiere ]
* New dpatches:
+ 05_translations-french-utf8: This patch adds file
translations/French-UTF8.txt, which is mysteriously missing from the
upstream tarball. French-UTF8 is a valid language choice, but
choosing it via the preferences page makes WebCalendar fail
miserably. This file is present in the 1.1.2 upstream tarball, so
this patch will be eventually removed.
+ 06_send-reminder-paths: Set correctly the paths to the include and
translation files (closes: #373907)
+ 07_SA23341-xss-vulnerability: Fixes cross-site scripting (XSS)
vulnerability in export_handler.php that allows remote attackers to
inject arbitrary web script or HTML via the format parameter (see
http://secunia.com/advisories/23341). The CVE id is CVE-2006-6669.
Thanks to Thijs Kinkhorst for the patch (closes: #404234).
* Changed dpatch:
+ 01_config_patch: In files user-app-postnuke.php, user-ldap.php,
user-nis.php, and user.php, insure that the variables
$user_can_update_password, $admin_can_add_user, and
$admin_can_delete_user are really boolean. Thanks to Barry
Cornelius for the heads up (closes: #396217).
* debian/rules: Added patch target, such that dpatch-convert-diffgz works
* debian/webcalendar.postinst: Remove the commas in the answer for the
multiselect question webcalendar/conf/httpd_conf
* debian/webcalendar.templates:
+ Added apache-perl to the choice of web servers
+ Added question for restarting the web server at postinst time (the
debconf question and associated config code were shamelessly stolen
from the gallery2 package).
* debian/webcalendar.config: Ask the user which web servers should be
restarted
* debian/webcalendar.postint: Renamed the linkapache function to
apache_init and added code for restarting the web server
[ Elizabeth Bevilacqua ]
* edited order of dependencies
-- Elizabeth Bevilacqua <lyz@princessleia.com> Tue, 17 Apr 2007 14:22:26 -0400
webcalendar (1.0.5-1) unstable; urgency=low
[ Elizabeth Bevilacqua ]
* New upstream release (this version fixes vulnerability CVE-2007-1343)
* debian/apache.conf - Turned register_globals Off (closes: #404297)
* debian/control maintainer change for adoption of package
* Revised Depends:, Recommends:, and Suggests:
* Added debian/NEWS
* Acknowledge NMUs:
+ Closes: #389543, thanks Steinar H. Gunderson
+ Closes: #374752, #381190, #384224, thanks Thijs Kinkhorst
[ Rafael Laboissiere ]
* debian/control:
+ Added my name to the Uploaders field
+ Added XS-Vcs-Svn and XS-Vcs-Browser fields
* debian/watch: Fixed regular pattern to avoid considering
WebCalendar-devel-* upstream tarballs
* debian/patches/01_config_patch.dpatch: Removed part of this patch that
was preventing die_miserable_death() to echo error messages
(closes: #375308)
* debian/patches/02_pgsql_patch.dpatch: Adapted for version 1.0.5
* debian/webcalendar.links, debian/dirs, debian/install: Put the
install SQL scripts in the correct place, such that they are found by
dbconfig-common
* debian/apache.conf: Declared index.php as a DirectoryIndex, such that
the URL http://<host>/webcalendar/ works
* debian/webcalendar.prerm: Added pre-removal script, which allows
dbconfig-common to ask the user whether the database should be dropped
on purge
-- Elizabeth Bevilacqua <lyz@princessleia.com> Sun, 15 Apr 2007 10:27:19 +0200
webcalendar (1.0.4-1.3) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- Spanish. Closes: #403445
- German. Closes: #396620
-- Christian Perrier <bubulle@debian.org> Thu, 22 Feb 2007 07:32:47 +0100
webcalendar (1.0.4-1.2) unstable; urgency=medium
* Non-maintainer upload.
* Depend on mysql-client or postgresql-client, as this is needed by
dbconfig-common (Closes: #389377).
* Combine with i18n NMU campaign; add debconf translations:
- Brazilian Portuguese by Herbert P Fortes Neto (Closes: #384224).
- Portuguese by Miguel Figueiredo (Closes: #381190).
- French by Steve Petruzzello (Closes: #374752).
-- Thijs Kinkhorst <thijs@debian.org> Thu, 12 Oct 2006 13:46:33 +0200
webcalendar (1.0.4-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Make webcalendar.config and webcalendar.postrm depend only on essential
packages, by checking for the existence of dbconfig-common and ucf before
attempting to use them. (Closes: #388239)
-- Steinar H. Gunderson <sesse@debian.org> Tue, 26 Sep 2006 12:51:42 +0200
webcalendar (1.0.4-1) unstable; urgency=high
* New upstream release (closes: #363914)
* Upstream release fixes CVE-2006-2762
* Added French translation from Steve Petruzzello <dlist@bluewin.ch> (closes: #360187)
* Restored dbconfig_oldconf.sh for upgrades from < 1.0.2
* Fixed dbconfig_oldconf.sh to bail out if settings.php is not found
* Renamed settings.php to settings.conf as settings.conf is not a php file
* LDAP admin groups is fixed in upstream (closes: #308519)
* Added Czech translation from Miroslav Kure <kurem@upcase.inf.upol.cz> (closes: #360286)
* Previous NMUs fix a couple of problems (closes: #366927) (Closes: #360690)
-- Tim Peeler <thp@linuxforce.net> Sat, 10 Jun 2006 08:24:57 -0400
webcalendar (1.0.2-2.2) unstable; urgency=high
* Non-maintainer upload by the Security Team
* Urgency set to high, due to RC/Security bug fix.
* added patches/02_login_lean.dpatch:
+ Unified error messages for unknown users and wrong passwords to prevent
an information leak [includes/user.php, CVE-2006-2247]. thanks to
Martin Shultze (closes: #366927).
* Move debhelper and dpatch to Build-Depends (instead of
Build-Depends-Indep).
* Bump Standards-Version to 3.7.2 (no changes required).
-- Pierre Habouzit <madcoder@debian.org> Thu, 1 Jun 2006 22:45:40 +0200
webcalendar (1.0.2-2.1) unstable; urgency=low
* Non-maintainer upload.
* Fix debian/webcalendar.postinst and debian/webcalendar.config.
Rename settings.conf to settings.php. Remove useless
debian/tools. Closes: #360690.
* Fix docs link (debian/webcalendar.links).
-- Arnaud Fontaine <arnaud@andesi.org> Thu, 20 Apr 2006 15:40:12 +0200
webcalendar (1.0.2-2) unstable; urgency=low
* Fixed bug in README generation that made it appear to be XML and caused
duplicate README generation (closes: #306275)
* Added db_unregister to postinstall to remove all old templates
(closes: #337624)
* Fixed debconf templates (closes: #357723)
* Fixed build-depends bug (closes: #358414)
* Fixed a bug in SQL upgrade
* added support to load old (<1.0.2-1) database settings for dbconfig-common
* upstream fixed IE javascript issue in 1.0.2 (closes: #293643)
-- Tim Peeler <thp@linuxforce.net> Tue, 21 Mar 2006 09:00:18 -0500
webcalendar (1.0.2-1) unstable; urgency=high
* New upstream release (closes: #333991)
- Fixed local file overwrite vulnerability (CVE-2005-3961)
- Fixed multiple SQL Injection vulnerabilities (CVE-2005-3949)
(closes: #341208)
- Fixed CRLF injection XSS/response splitting vulnerability (CVE-2005-3982)
- Reportedly fixes SQL injection through the time_range parameter
(CVE-2005-3984)
(closes: #342090)
- assistant_edit.php unauthorized access vulnerability
(CVE-2005-2320) was fixed in release 1.0.0
* Changed to gettext based templates (closes: #351399)
* Switched to using dbconfig-common for database configuration
(closes: #351401)
* Enhanced config mechanism to support easier configuration and more
flexibility (closes: #293650)
* Include watch file (closes: #333789)
* Many bug fixes from upstream.
-- Tim Peeler <thp@linuxforce.net> Tue, 7 Mar 2006 10:12:58 -0500
webcalendar (0.9.45-7) unstable; urgency=high
* Real fix for CAN-2005-2717, previous fix was the wrong patch.
-- Tim Peeler <thp@linuxforce.net> Fri, 2 Sep 2005 13:26:38 +0000
webcalendar (0.9.45-6) unstable; urgency=high
* Fixed a bug in assistant_edit.php that allows unauthorized access
(closes: #315671)
-- Tim Peeler <thp@devel.localnet> Mon, 11 Jul 2005 17:56:02 -0400
webcalendar (0.9.45-5) unstable; urgency=low
* Fixed a bug in the postinst that doesn't set permissions of settings.php
correctly on upgrade (closes: #312821)
* Fixed a bug in user-ldap.php which used the wrong arguments to
ldap_error() (closes: #308500)
* Fixed a bug in user-ldap.php which prevented connecting to the openldap
because openldap no longer allows LDAPv2 by default (closes: #308501)
-- Tim Peeler <thp@linuxforce.net> Mon, 13 Jun 2005 17:55:32 -0500
webcalendar (0.9.45-4) unstable; urgency=low
* Fixed a bug in the postinst script that prevented installation when
passwords were non-alphanumeric (closes: #296935)
* Changed template to make passwords of debconf type password instead
of string (closes: #298475)
* Fixed postinst to purge database password after sql client completes
installation (closes: #302625, #302631)
* Added a chmod to postinst to prevent world read of settings.php
(closes: #303016)
* Fixed prerm to remove settings.php when doing a purge (closes: #298476)
-- Tim Peeler <thp@linuxforce.net> Fri, 25 Mar 2005 12:41:20 -0500
webcalendar (0.9.45-3) unstable; urgency=low
* removed mysql-server or postgres requirements (closes: #291590)
* added patch to fix sql injection bug CAN-2005-0474 (closes: #295960, #296280)
-- Tim Peeler <thp@linuxforce.net> Wed, 22 Dec 2004 10:18:14 -0500
webcalendar (0.9.45-2) unstable; urgency=low
* fixed a problem with postinst (closes: #286405)
-- Tim Peeler <thp@linuxforce.net> Wed, 22 Dec 2004 10:18:14 -0500
webcalendar (0.9.45-1) unstable; urgency=low
* new version of webcalendar (adds security enhancements)
* added a post install configure script
* added depends for php4-mysql | php4-pgsql (closes: #285795)
* moved docs/* to /usr/share/doc/webcalendar (closes: #285798)
* created a README (closes: #285183)
* changed short description (closes: #285680)
-- Tim Peeler <thp@linuxforce.net> Tue, 14 Dec 2004 3:34:15 -0500
webcalendar (0.9.44-1) unstable; urgency=low
* Initial Release. (closes: #261761)
-- Tim Peeler <thp@linuxforce.net> Mon, 08 Nov 2004 2:52:08 -0500