-gforge (4.6.99+svn6368+something-0) UNRELEASED; urgency=low
+gforge (4.7~rc3+svn6839-1) experimental; urgency=low
- * Tracking upstream SVN.
- * Fixed dependency on mediawiki.
+ * New SVN snapshot.
+ * Made PostgreSQL dependency stricter: some of the views only work with
+ versions >= 8.1 (closes: #498811).
+
+ -- Christian Bayle <bayle@debian.org> Fri, 30 Jan 2009 19:45:38 +0100
+
+gforge (4.7~rc2-7) unstable; urgency=high
+
+ * Fixed yet another SQL injection vulnerability due to insufficient
+ input sanitizing (CVE-2008-2381).
+
+ -- Roland Mas <lolando@debian.org> Wed, 17 Dec 2008 15:26:59 +0100
+
+gforge (4.7~rc2-6) unstable; urgency=high
+
+ * Removed gforge-plugins-extra binary package (closes: #504758). I
+ can't promise to do security support for it, and it's quite
+ susceptible to security holes since it ships local copies of PHP
+ libraries.
+
+ -- Roland Mas <lolando@debian.org> Sat, 15 Nov 2008 20:06:46 +0100
+
+gforge (4.7~rc2-5) unstable; urgency=high
+
+ * Fix several SQL injection vulnerabilities due to insufficient input
+ sanitizing.
+
+ -- Roland Mas <lolando@debian.org> Mon, 06 Oct 2008 16:12:50 +0200
+
+gforge (4.7~rc2-4) unstable; urgency=low
+
+ * gforge-plugin-scmsvn: display SVN instructions corresponding to the
+ actual Debian setup (SSH, no DAV).
+
+ -- Roland Mas <lolando@debian.org> Mon, 22 Sep 2008 11:49:23 +0200
+
+gforge (4.7~rc2-3) unstable; urgency=low
+
+ * Added explicit cast to fix PostgreSQL 8.3 compatibility (closes:
+ #497512).
+
+ -- Roland Mas <lolando@debian.org> Thu, 04 Sep 2008 09:06:51 +0200
+
+gforge (4.7~rc2-2) unstable; urgency=low
+
+ * Fixed chroot setup on amd64 (closes: #495728).
+
+ -- Roland Mas <lolando@debian.org> Sun, 31 Aug 2008 20:33:58 +0200
+
+gforge (4.7~rc2-1-svn6585) unstable; urgency=low
+
+ * Added support for nss shadow
+ * Commented allusers and allgroups entries in nss config as a workaround
+ for failing postgreqsl restart, also changed getent calls in install-chroot.sh
+
+ -- Christian Bayle <bayle@debian.org> Fri, 15 Aug 2008 20:05:16 +0200
+
+gforge (4.7~rc2-1) unstable; urgency=low
+
+ * Changed version number to reflect the upstream tagging of r6582 to
+ 4.7rc2. No changes in code.
+ * Updated Debconf template translations for Swedish (closes: #492883).
+
+ -- Roland Mas <lolando@debian.org> Tue, 19 Aug 2008 21:19:03 +0200
+
+gforge (4.6.99+svn6582-1) unstable; urgency=low
+
+ * Removed from gforge-plugins-extra a few files that were also present
+ in other packages (closes: #492952).
+
+ -- Roland Mas <lolando@debian.org> Fri, 08 Aug 2008 17:03:48 +0200
+
+gforge (4.6.99+svn6580-1) unstable; urgency=low
+
+ [ Christian Bayle ]
+ * Don't try to unregister scm plugins when GForge database is not
+ available
+ * Adapted use-snoopy-from-distro.dpatch for new gfplugin and
+ gfconfig vars
+ * Readded missing cvs-pserver and removed obsolete one from
+ deb-specific, fixed missing lib for cvs in install-chroot.sh
+ * Fix mailman ScriptAlias
+ * SYSLOGD is now to set in /etc/default/syslogd
+ * Renamed update-user-group-cvs.sh in update-user-group-ssh.sh
+ as it doesn't update CVS
+
+ [ Roland Mas ]
+ * New SVN snapshot.
+ * Fix a few bashisms in shell scripts (closes: #489600, #489601).
+ * Tweaked dependencies on virtual packages.
+ * Fixed PostgreSQL socket path in Postfix configuration, and removed old
+ unused code.
+ * Since we can't seem to decide on whether the Mailman web interface
+ should be under /cgi/bin/mailman/ or directly under /mailman/, at
+ least ensure that both work. This should put an end to the related
+ troubles (closes: #399671, #486845).
+ * Cleaned up the Apache configuration script to use the
+ sites-available/sites-enabled system (closes: #398885).
+ * Fixed include_path and include files for cron jobs, so they are not
+ prevented from running (closes: #373557).
+ * Fixed upstream: user activity reporting now allows searching for users
+ by the initial letter of their username as well as their lastname
+ (closes: #373558)
+ * Stop trying to copy a nonexisting default page for projects (closes:
+ #374431).
+
+ -- Roland Mas <lolando@debian.org> Sun, 20 Jul 2008 20:16:46 +0200
+
+gforge (4.6.99+svn6496-1) unstable; urgency=low
+
+ * New SVN snapshot, incuding a fix for the previous patch.
+
+ -- Roland Mas <lolando@debian.org> Wed, 14 May 2008 18:27:34 +0200
+
+gforge (4.6.99+svn6491-1) unstable; urgency=high
+
+ * New SVN snapshot, includes fix for an insecure file handling
+ (CVE-2008-0167).
+
+ -- Roland Mas <lolando@debian.org> Tue, 13 May 2008 12:20:18 +0200
+
+gforge (4.6.99+svn6486-1) unstable; urgency=low
+
+ * New SVN snapshot.
+ * Updated Debconf template translations for Portuguese (closes:
+ #475769).
+ * Removed from gforge-plugins-extra a file that should only be in
+ gforge-plugin-mediawiki (closes: #476582).
+ * Enabled the "headers" module in apache2, since the database auth
+ tokens are now received through an extra header rather than through
+ environment variables.
+
+ -- Roland Mas <lolando@debian.org> Thu, 24 Apr 2008 22:57:54 +0200
+
+gforge (4.6.99+svn6477-1) unstable; urgency=low
+
+ [ Christian Bayle ]
+ * Change apache NameVirtualHost to use * instead of IP address
+ * Harden exim4 uninstall so it doesn't fail on a missing file
+ * Don't invoke proftpd restart as it locks install
+ * Replace deprecated DisplayFirstChdir with DisplayChdir in proftpd config
+
+ [ Roland Mas ]
+ * New SVN snapshot.
+ * New feature from the "urlmaker" branch, to compute URLs for links and
+ forms in one single place, the point being to make it easier to host
+ Gforge in a variety of URL schemes (full virtual host or
+ http://shared.host/gforge, for instance).
+ * Updated Debconf template translations for French, German, Finnish,
+ Russian, Galician, Vietnamese, Czech and Dutch (closes: #468471,
+ #469756, #472485, #472502, #472588, #473192, #474621).
+
+ -- Roland Mas <lolando@debian.org> Fri, 11 Apr 2008 13:59:31 +0200
+
+gforge (4.6.99+svn6387-1) unstable; urgency=low
+
+ * New SVN snapshot.
+ * Adapted to mediawiki packaging no longer being in mediawiki1.X package
+ and directory names.
* Bumped Standards-Version to 3.7.3 (no changes needed).
* Removed .cvsignore files from packages.
* Cleaned up empty directories in binary packages.
* Removed useless gforge-ftp-proftpd.templates and
gforge-shell-postgresql.config.
* Various fixes in debconf files, inspired by a lintian check.
+ * Removed lintian overrides, no longer needed.
+ * Updated to PostgreSQL 8.3 (while still retaining compatibility with
+ 8.2), with a few syntax fixes.
- -- Roland Mas <lolando@debian.org> Tue, 26 Feb 2008 22:02:10 +0100
+ -- Roland Mas <lolando@debian.org> Wed, 27 Feb 2008 10:23:40 +0100
gforge (4.6.99+svn6368-1) unstable; urgency=low