-gforge (4.6.99+svn6159-0+1) UNRELEASED; urgency=low
+gforge (4.6.99+svn6506-1) unstable; urgency=low
- * New SVN snapshot (r6159), including the removal of a few tables
+ [ Christian Bayle ]
+ * Don't try to unregister scm plugins when GForge database is not
+ available
+ * Adapted use-snoopy-from-distro.dpatch for new gfplugin and
+ gfconfig vars
+
+ [ Roland Mas ]
+ * Tracking upstream SVN.
+
+ -- Roland Mas <lolando@debian.org> Wed, 21 May 2008 15:49:18 +0200
+
+gforge (4.6.99+svn6496-1) unstable; urgency=low
+
+ * New SVN snapshot, incuding a fix for the previous patch.
+
+ -- Roland Mas <lolando@debian.org> Wed, 14 May 2008 18:27:34 +0200
+
+gforge (4.6.99+svn6491-1) unstable; urgency=high
+
+ * New SVN snapshot, includes fix for an insecure file handling
+ (CVE-2008-0167).
+
+ -- Roland Mas <lolando@debian.org> Tue, 13 May 2008 12:20:18 +0200
+
+gforge (4.6.99+svn6486-1) unstable; urgency=low
+
+ * New SVN snapshot.
+ * Updated Debconf template translations for Portuguese (closes:
+ #475769).
+ * Removed from gforge-plugins-extra a file that should only be in
+ gforge-plugin-mediawiki (closes: #476582).
+ * Enabled the "headers" module in apache2, since the database auth
+ tokens are now received through an extra header rather than through
+ environment variables.
+
+ -- Roland Mas <lolando@debian.org> Thu, 24 Apr 2008 22:57:54 +0200
+
+gforge (4.6.99+svn6477-1) unstable; urgency=low
+
+ [ Christian Bayle ]
+ * Change apache NameVirtualHost to use * instead of IP address
+ * Harden exim4 uninstall so it doesn't fail on a missing file
+ * Don't invoke proftpd restart as it locks install
+ * Replace deprecated DisplayFirstChdir with DisplayChdir in proftpd config
+
+ [ Roland Mas ]
+ * New SVN snapshot.
+ * New feature from the "urlmaker" branch, to compute URLs for links and
+ forms in one single place, the point being to make it easier to host
+ Gforge in a variety of URL schemes (full virtual host or
+ http://shared.host/gforge, for instance).
+ * Updated Debconf template translations for French, German, Finnish,
+ Russian, Galician, Vietnamese, Czech and Dutch (closes: #468471,
+ #469756, #472485, #472502, #472588, #473192, #474621).
+
+ -- Roland Mas <lolando@debian.org> Fri, 11 Apr 2008 13:59:31 +0200
+
+gforge (4.6.99+svn6387-1) unstable; urgency=low
+
+ * New SVN snapshot.
+ * Adapted to mediawiki packaging no longer being in mediawiki1.X package
+ and directory names.
+ * Bumped Standards-Version to 3.7.3 (no changes needed).
+ * Removed .cvsignore files from packages.
+ * Cleaned up empty directories in binary packages.
+ * Rephrased debian/copyright file.
+ * Removed useless gforge-ftp-proftpd.templates and
+ gforge-shell-postgresql.config.
+ * Various fixes in debconf files, inspired by a lintian check.
+ * Removed lintian overrides, no longer needed.
+ * Updated to PostgreSQL 8.3 (while still retaining compatibility with
+ 8.2), with a few syntax fixes.
+
+ -- Roland Mas <lolando@debian.org> Wed, 27 Feb 2008 10:23:40 +0100
+
+gforge (4.6.99+svn6368-1) unstable; urgency=low
+
+ * New SVN snapshot.
+ * New binary package: gforge-plugin-mediawiki, to embed Mediawiki in
+ Gforge (in an iframe, on a new optional project tab). The related
+ files have been removed from gforge-plugin-extras.
+
+ -- Roland Mas <lolando@debian.org> Mon, 25 Feb 2008 20:13:21 +0100
+
+gforge (4.6.99+svn6347-1) unstable; urgency=high
+
+ * New SVN snapshot, including a fix for a cross-site scripting
+ vulnerability (CVE-2007-0176).
+ * Fixed typos in debian/control.
+
+ -- Roland Mas <lolando@debian.org> Mon, 21 Jan 2008 14:57:32 +0100
+
+gforge (4.6.99+svn6330-1) unstable; urgency=high
+
+ * Finished removing all references to LDAP from the Debconf templates
+ and maintainer scripts (closes: #408867).
+ * Also updated German debconf template translation (closes: #456504).
+ * Fixed SQL injection vulnerability due to insufficient input sanitizing
+ (CVE-2008-0173).
+
+ -- Roland Mas <lolando@debian.org> Thu, 10 Jan 2008 13:59:45 +0100
+
+gforge (4.6.99+svn6319-3) unstable; urgency=low
+
+ * gforge-mta-postfix.config: don't try to replace files unless their
+ replacements have been generated.
+
+ -- Roland Mas <lolando@debian.org> Fri, 14 Dec 2007 17:20:11 +0100
+
+gforge (4.6.99+svn6319-2) unstable; urgency=low
+
+ * Fixed dependencies to add at least one real package before virtual
+ ones.
+
+ -- Roland Mas <lolando@debian.org> Fri, 14 Dec 2007 13:12:15 +0100
+
+gforge (4.6.99+svn6319-1) unstable; urgency=low
+
+ * New SVN snapshot (r6319). This includes a bugfix for the creation of
+ a relation between a tracker item and a task (closes: #376095), and a
+ few German localisation updates (closes: #375526).
+ * The SCM plugins now depend on some gforge-shell, since they're useless
+ without it anyway.
+ * Updated gforge-shell-postgresql dependency to point to openssh-server
+ rather than ssh. Also added a recommendation on nscd.
+ * Updated the list of registered themes to match what's actually
+ available (closes: #395026).
+ * Handle "/" characters in values for the config file (closes: #420511).
+
+ -- Roland Mas <lolando@debian.org> Thu, 13 Dec 2007 10:44:37 +0100
+
+gforge (4.6.99+svn6313-1) unstable; urgency=low
+
+ * New SVN snapshot (r6313). Gettext transition is now complete
+ (including the French translation). Still lots of cleanups.
+ * Removed debian/patches/use-fckeditor-from-distro.dpatch, since
+ run-time detection was added upstream.
+ * Fix maintainer scripts for gforge-plugin-scmcvs and -scmsvn (no
+ db-upgrade.pl/db-delete.pl script to call).
+ * Use Unix domain sockets for NSS-pgsql too.
+ * gforge-shell-postgresql now depends on libnss-pgsql2 rather than the
+ old libnss-pgsql1.
+ * Switch to using ucf for management of config files, instead of
+ home-grown scripts and functions. Re-use Debconf instance if one
+ exists.
+ * More generally, cleaned up the maintainer scripts.
+ * Fixed handling of localised error messages from the PostgreSQL server
+ (closes: #283849).
+
+ -- Roland Mas <lolando@debian.org> Tue, 11 Dec 2007 21:21:23 +0100
+
+gforge (4.6.99+svn6225-1) unstable; urgency=low
+
+ * New SVN snapshot (r6225). Mostly fixes for PHP warnings.
+ * Re-add a prerm script for the scmsvn plugin, which had somehow been
+ lost.
+ * debian/patches/use-fckeditor-from-distro.dpatch: Use the FCKeditor
+ provided by the fckeditor package rather than shipping our own copy of it
+ (closes: #452597).
+ * Removed the local copy from the binary packages, to be extra sure.
+
+ -- Roland Mas <lolando@debian.org> Sat, 24 Nov 2007 10:01:48 +0100
+
+gforge (4.6.99+svn6219-1) unstable; urgency=low
+
+ * New SVN snapshot (r6219). Includes lots of fixes for PHP warnings,
+ some internationalisation work, and fixes for IPv6 compatibility.
+ * Apache virtual hosts are now available on every IP address, so they'll
+ still work on dual-stack (IPv4 and IPv6) boxes.
+ * debian/patches/unix-sockets-for-database.dpatch: Use Unix sockets to
+ connect to the PostgreSQL server.
+
+ -- Roland Mas <lolando@debian.org> Fri, 23 Nov 2007 10:25:40 +0100
+
+gforge (4.6.99+svn6169-1) unstable; urgency=high
+
+ * New SVN snapshot (r6169), including the removal of a few tables
(replaced by views where needed, or access to the RBAC tables when
possible).
* Updated package description and Debconf templates after a review by
the debian-l10n-english team (closes: #446569).
- * Updated debian/po/de.po, from Helge Kreutzmann <debian@helgefjell.de>
- (closes: #447170).
- * Ditto for debian/po/gl.po, from Jacobo Tarrio <jtarrio@trasno.net>
- (closes: #447194).
- * Ditto for debian/po/cs.po, from Miroslav Kure
+ * Updated debian/po/de.po (German translation), from Helge Kreutzmann
+ <debian@helgefjell.de> (closes: #447170).
+ * Ditto for debian/po/gl.po (Galician), from Jacobo Tarrio
+ <jtarrio@trasno.net> (closes: #447194).
+ * Ditto for debian/po/cs.po (Czech), from Miroslav Kure
<kurem@upcase.inf.upol.cz> (closes: #447477).
- * Ditto for debian/po/vi.po, from Clytie Siddall
+ * Ditto for debian/po/vi.po (Vietnamese), from Clytie Siddall
<clytie@riverland.net.au> (closes: #447883).
- * Ditto for debian/po/nl.po, from Bart Cornelis <cobaco@skolelinux.no>
- (closes: #448124).
- * Ditto for debian/po/pt.po, from Ricardo Silva <ardoric@gmail.com>
- (closes: #448229).
- * Added new Finnish translation, from Esko Arajärvi <edu@iki.fi>
- (closes: #447298).
+ * Ditto for debian/po/nl.po (Dutch/Flemish), from Bart Cornelis
+ <cobaco@skolelinux.no> (closes: #448124).
+ * Ditto for debian/po/pt.po (Portuguese), from Ricardo Silva
+ <ardoric@gmail.com> (closes: #448229).
+ * Ditto for debian/po/fr.po (French), from Christian Perrier
+ <bubulle@debian.org> (closes: #449014).
+ * Added new debian/po/fi.po (Finnish) translation, from Esko Arajärvi
+ <edu@iki.fi> (closes: #447298).
+ * Added new debian/po/ru.po (Russian) translation, from Yuri Kozlov
+ <kozlov.y@gmail.com> (closes: #448938).
* Applied a patch by Steffen Joeris <steffen.joeris@skolelinux.de> for a
security vulnerability (CVE-2007-5156) in the copy of FCKeditor
embedded in gforge-plugins-extra (closes: #447590).
+ * SVN r6169 also fixes a few denial of service and file truncation
+ vulnerabilities (CVE-2007-3921).
* Added Vcs-Bzr: field to debian/control.
+ * Patched dsf-helper.pl so it removes a few blank lines in Debconf
+ templates, since they're not allowed.
- -- Roland Mas <lolando@debian.org> Wed, 31 Oct 2007 15:52:49 +0100
+ -- Roland Mas <lolando@debian.org> Tue, 06 Nov 2007 20:10:41 +0100
gforge (4.6.99+svn6094-4) unstable; urgency=low