phpgroupware (0.9.16.011-2.2) unstable; urgency=low * Non-maintainer upload. * Remove php5 as alternative, as phpgroupware is incompatible with php5.2. Closes: #401045 -- Andreas Barth Fri, 8 Dec 2006 22:38:08 +0000 phpgroupware (0.9.16.011-2.1) unstable; urgency=low * Non-maintainer upload. * Add missing depends on mysql-client | postgresql-client, since these are used in the package's postinst (Closes: #398635). * Update FSF address in debian/*copyright. -- Thijs Kinkhorst Thu, 30 Nov 2006 09:56:08 +0100 phpgroupware (0.9.16.011-2) unstable; urgency=low * Fix Depends typo to read php5-mysql (Closes: #387445, #388039) -- Andrew Mitchell Mon, 2 Oct 2006 23:42:33 +1300 phpgroupware (0.9.16.011-1) unstable; urgency=high * New upstream release - Fixes CVE-2006-4458 (Closes: #386061) - Supports mysql 4.1+ & postgresql 8 (Closes: #328439) * Add apache2 & php5 to dependencies * Enable php5 compatibility mode in header.inc.php.template * Restart apache2 in postinst (Closes: #314417) * Include Swedish & Dutch debconf template translations (Closes: #342037, #364914) * Thanks to Steinar H. Gunderson for NMU -- Andrew Mitchell Mon, 11 Sep 2006 22:53:41 +1200 phpgroupware (0.9.16.010+dfsg-0.1) unstable; urgency=high * Non-maintainer upload. * Repack upstream tarball to remove non-DFSG free material. (Closes: #365201) * Remove rfc2445.txt from the upstream tarball. * Update the .kpf file to reflect the removal. -- Steinar H. Gunderson Tue, 6 Jun 2006 12:21:31 +0200 phpgroupware (0.9.16.010-1) unstable; urgency=low * New upstream release * New maintainer -- Andrew Mitchell Thu, 22 Dec 2005 10:03:11 +1300 phpgroupware (0.9.16.009-1) unstable; urgency=high * New upstream release * Features security fix to fudforum (scripting files could be uploaded using the avatar image feature), CAN-2005-2781. Closes: #340094. -- Thomas Viehmann Wed, 23 Nov 2005 20:48:29 +0100 phpgroupware (0.9.16.008-2) unstable; urgency=high * Security fix for phpgroupware-phpsysinfo based on work by the Martin Schulze of the Debian security team, thanks. - Fixed cross-site-scripting [phpsysinfo/includes/system_footer.php, phpsysinfo/includes/system_header.php, CVE-2005-0870] - Fixed arbitrary file inclusion [phpsysinfo/index.php, CVE-2005-3347] - Initialise charset variable to prevent cross-site scripting [phpsysinfo/index.php, CVE-2005-3348] -- Thomas Viehmann Tue, 15 Nov 2005 18:48:28 +0100 phpgroupware (0.9.16.008-1) unstable; urgency=high * New upstream release Security fixes: - for FUDForum Information Disclosure - see CAN-2005-2600 in phpgroupware-fudforum. Closes: #323929 - Global XSS fix in phpgroupware-phpgwapi (no CAN) - Security: Disabled XMLRPC (as upstream does) - see CAN-2005-2498 Closes: #323349 * Removed transitional package phpgroupware-core (Closes: #322060) * Included Czech translation, thank you, Miroslav Kure (Closes: #318794) -- Thomas Viehmann Tue, 30 Aug 2005 00:12:58 +0200 phpgroupware (0.9.16.006-1) unstable; urgency=high * New upstream release This includes an urgent security fix for xmlrpc bug that could allow execution of arbitrary PHP code. This is analogous to CAN-2005-2116 in the CVE. As this is very urgent, all debian maintainer script updates are postponed. * Added Vietnamese translation of the debconf template. Thanks go to Clytie Siddall for the translation and patch. Closes: #316835. -- Thomas Viehmann Wed, 6 Jul 2005 17:43:38 +0200 phpgroupware (0.9.16.005-5) unstable; urgency=high * Drop phpgroupware-forum binary package, as it's too broken for release and the fixes would be too intrusive. Closes: #311646. * Add a note about ACLs and permissions to README.Debian to clarify the behaviour that led to #306980. -- Thomas Viehmann Fri, 3 Jun 2005 16:49:01 +0200 phpgroupware (0.9.16.005-4) unstable; urgency=high * Change file location to better default on the setup page. Closes: #306969. * Fix postinst of phpgroupware. Failing postinst is RC, thus, this is urgency=high. Closes: #306968. Thanks to Steve Greenland for observing these. -- Thomas Viehmann Sun, 1 May 2005 14:47:08 +0200 phpgroupware (0.9.16.005-3) unstable; urgency=high * (almost) translation only update, thus urgency=high. - Updated ja.po by Hideki Yamane. Thanks and sorry for the delay in uploading it. Closes: #298182. - Updated de.po and fr.po myself. * Fix version information on login screen. -- Thomas Viehmann Wed, 16 Mar 2005 18:29:25 +0100 phpgroupware (0.9.16.005-2) unstable; urgency=low * Fix capitalization bug with phpgroupware/webserver debconf both Closes: #280735 * Add apache2 support. Closes: #170830. My apologies to the translators for having to change the templates. (I took the wording from phpMyAdmin, maybe you or I can cut and paste from there.) * Add CANs for security bug fixes in 0.9.16.005-1. Thanks to Joey Hess for the research. * Add lintian override for CVS in orig.tar.gz. -- Thomas Viehmann Fri, 4 Mar 2005 17:58:58 +0100 phpgroupware (0.9.16.005-1) unstable; urgency=high * New upstream release - Fixes security-related bugs (thus the urgency=high) forum, polls, preferences, projects, tts, wiki: HTML and SQL insertion CVE-Database IDs: CAN-2004-1383, CAN-2004-1384, CAN-2004-1385 (Closes: #290773) - Lifts unnecessary LDAP version restrictions (Closes: #285024) * Fix wrong message in phpgroupware.config (Closes: #271668) * Update German debconf translations (Closes: #281135) Thanks you, Erik Schanze. * Fix typo in configure script (Closes: #271925) * Quote the php_value session.save_path parameter in /etc/phpgroupware/apache.conf (Closes: #266348). * Work around zsh build problems in debian/rules. My apologies for not fixing the config bugs yet, but the security update is kind of urgent. -- Thomas Viehmann Sun, 16 Jan 2005 17:49:26 +0100 phpgroupware (0.9.16.003-1) unstable; urgency=medium * Upstream (partly security) update. - Fixes cross-site scripting bug in the wiki module. - Upstream fixes all over the place, particulary adressbook, calendar. - Some new or updated translations and documentation. -- Thomas Viehmann Mon, 6 Sep 2004 21:07:35 +0200 phpgroupware (0.9.16.002-1) unstable; urgency=medium * Upstream security update. * Folded some more license stuff into debian/copyright. * Drop build-dependency on essential package findutils. -- Thomas Viehmann Sun, 1 Aug 2004 20:27:23 +0200 phpgroupware (0.9.16.001-1) unstable; urgency=low * New upstream bugfix release. - Upstream included patch by bug submitter Martin Peylo to fix phpgroupware-headlines sql syntax error. Thanks. Closes: #255798. * Added phpgw-projects dependency on addressbook reported by Rasmus Hansen. Thanks. Closes: #257270. * Added Japanese debconf translation, thanks go to Hideki Yamane (and the other developers and users that helped). Closes: #258700. -- Thomas Viehmann Mon, 19 Jul 2004 20:29:22 +0200 phpgroupware (0.9.16.000.1.cvs.20040620-1) unstable; urgency=low * Sync with upstream's fixes for stable branch in coordination with upstream release manager. Small fixes all over the place, including - remove "=" in example phpgw-apache.conf (Closes: #252044) - fix admin hooks in sitemgr (Closes: #252220) - fix sql escaping in wiki (default_records.php, Closes: #253201) * Add doc symlinks. Closes: #234414. * Add french debconf translation by R. Pannequin. Thanks! Closes: #248371. * Updated apache configuration. * Added note about configuring PostgreSQL to README.Debian. -- Thomas Viehmann Mon, 21 Jun 2004 20:35:29 +0200 phpgroupware (0.9.16.000-1-2) unstable; urgency=low * Eliminate some prompting. * Allow building of non-Debian packages with extra packages. * Remove phpgroupware-chora from Debian packages (unsatisfiable dependency). Closes: #242522. * The netsaint module is gone in 0.9.16, thus there is no wrong Recommends any more. Closes: #240556 (In addition, the Recommends was updated in control.disabled, in case netsaint should be reintroduced.) -- Thomas Viehmann Fri, 9 Apr 2004 16:57:12 +0200 phpgroupware (0.9.16.000-1-1) unstable; urgency=low * New upstream release - Fixes PostgreSQL problems. Closes: #204674, #208994 - phpGroupWare is believed to work without register_globals = On in php.ini. Closes: #167299 - Removed patches included upstream. Yay! * Merges from 0.9.14 packaging - minor changes to debian/rules - rewrite of config maintainer script, allow backoff. Closes: #191583 * Update header.inc.php generation for 0.9.16. * Finally switch to po-debconf. Closes: #93586, #235495. * The inv module has been dropped upstream and here. But I noted the dependency in debian/control.disabled should it come back. (Closes: #234415) * Expanded README.Debian. * Spellchecked control and debconf template. * Added apache conf.d support to maintainer scripts. -- Thomas Viehmann Sat, 10 Jan 2004 19:28:14 +0100 phpgroupware (0.9.14.007-4) unstable; urgency=low * Uwe Steinmann and Jamin W. Collins did some more bug research. Quite a few were closed by the packaging changes and upstream bug fixing. - Preservation of user changes (Closes: #170820) - Configuration of apache-ssl on initial install (Closes: #166574) - fixed postrm bug dupe (Closes: #170841) - ldap schema now included (Closes: #197702) - README.Debian was written. (Closes: #170818) - Version display on login page even shows debian revision (Closes: #166579) - wwwconfig-common not called if removed during purge (Closes: #211161, #211639) - wwwconfig-common bug in mysql execution fixed (Closes: #207777) - '&' in passwords seems to work now (Closes: #181935) Fix permissions to /var/lib/phpgroupware/sessions This fixes php4 session type. (Closes: #173871) * The descriptions have been improved. Closes: #209809, #210153, #209817, #209941, #210043, #210176, #210064, #210143, #209692, #209954, #209832, #209980, #209992. -- Thomas Viehmann Sat, 3 Jan 2004 21:47:07 +0100 phpgroupware (0.9.14.007-3) unstable; urgency=low * Various rules file improvements, allow splitting of source packages if desired. * Drop packages not yet in sid. (See debian/control.disabled in source.) -- Thomas Viehmann Fri, 2 Jan 2004 12:02:19 +0100 phpgroupware (0.9.14.007-2) unstable; urgency=low * Some configuration (debconf use) modifications. (Good ideas by Jamin W. Collins (thanks!), bad mistakes by myself.) - Remove old debconf upgrade notice - Erase admin password in postinst/postrm and reprompt where needed. - Rephrase some questions. - Try to guess administrator name. - Reduce db options to mysql and postgres. * Fixes to the web based configuration in phpGroupWare (Again, thanks to Jamin) - Add big fat notice about passwords being displayed in header configuration until a fix for the fact itself is ready - Fix display of "configuration complete" (in setup/index.php) before the user has seen setup/config.php. - Improve some language-output. (English only, this needs to be better.) * Include some modules that had not been in control file. * Grant locking rights to phpgroupware mysql account (closes: #225342) -- Thomas Viehmann Mon, 29 Dec 2003 22:11:50 +0100 phpgroupware (0.9.14.007-1) unstable; urgency=low * New upstream release Security fixes (Closes: #216306): - SQL injection in infolog (escaping strings in queries) - script injection in calendar (holiday files now need extension .txt) postinst of calendar will rename files in /usr/share/phpgroupware/calendar/phpgroupware.org * Remove empty phpgroupware/examples directory (Suggestion by Uwe Steinmann, thanks) * Fix permissions of files directory (Closes: #207797) * New Debian maintainer. * Remove link /usr/share/phpgroupware/files, this is needed to fix vfs storage problem noted in CAN-2003-0599 and addressed by version 0.9.14.005. * Fold phpgroupware-core package into phpgroupware. * Tweak the build process to weed out lintian errors and reduce the number of warnings. -- Thomas Viehmann Thu, 11 Dec 2003 17:42:11 +0100 phpgroupware (0.9.14.006-1) unstable; urgency=low * Inofficial release not for debian general usage. * New upstream release * Corrected illfix to #183896. (Correction pointed out by Luca.) -- Thomas Viehmann Wed, 6 Aug 2003 20:45:19 +0200 phpgroupware (0.9.14.005-1) unstable; urgency=low * New upstream version Includes security fixes for - cross site scripting (CAN-2003-0504), see - sql insertion (CAN-2003-0657) - vfs storage in document dir now prohibited (CAN-2003-0599) - Remove $appdir in includes in tables_update.inc.php to prevent execution of arbitrary scripts. Closes: #201980 * Repackaging more or less from scratch. - Used parts from Luca's / Tilo's packaging. See changelog.old.gz for details. - Undo source split. * Skip invocation wwwconfig-common's utils when they're not present. (Closes: #183896) * Call db_stop after debhelper includes. (Closes: #164354) * Add patch by Toni Mueller to fix manageheader.php's inclusion of header.inc.php. (Closes: #183991). -- Thomas Viehmann Sun, 13 Jul 2003 23:32:46 +0200