Roland Mas [Thu, 28 May 2015 09:42:57 +0000 (11:42 +0200)]
Fixed distribution name
Roland Mas [Thu, 28 May 2015 09:29:38 +0000 (11:29 +0200)]
Security upload for CVE-2015-0850 (arbitrary command execution)
Roland Mas [Tue, 26 May 2015 20:12:40 +0000 (22:12 +0200)]
Prevent arbitrary command execution via clone URL parameter of the method to create secondary Git repositories. Found by Ansgar Burchardt <ansgar@debian.org>. This is CVE-2015-0850.
Sylvain Beucler [Mon, 15 Dec 2014 16:00:13 +0000 (17:00 +0100)]
Regen debian/control
Sylvain Beucler [Mon, 15 Dec 2014 14:37:48 +0000 (15:37 +0100)]
Thorsten Glaser [Mon, 15 Dec 2014 09:12:38 +0000 (10:12 +0100)]
use interest-noawait triggers (Debian #772870)
Sylvain Beucler [Mon, 8 Dec 2014 14:47:11 +0000 (15:47 +0100)]
Use Debian-specific 'invoke-rc.d' instead of portable 'service' (closes: #771619)
Sylvain Beucler [Tue, 4 Nov 2014 15:57:27 +0000 (16:57 +0100)]
debian: bump Standards-Version
Sylvain Beucler [Tue, 4 Nov 2014 15:09:43 +0000 (16:09 +0100)]
README.Debian: remove reference to README.Custom
Sylvain Beucler [Tue, 4 Nov 2014 13:22:29 +0000 (14:22 +0100)]
Reference #767688 closed upstream
Sylvain Beucler [Tue, 4 Nov 2014 13:20:10 +0000 (14:20 +0100)]
Merge remote-tracking branch 'upstream/Branch_5_3' into debian/5.3
Sylvain Beucler [Tue, 4 Nov 2014 13:18:48 +0000 (14:18 +0100)]
debian: don't install over symlink (closes #767688)
a.k.a. don't clean-up a released stable branch :P
Sylvain Beucler [Wed, 10 Sep 2014 16:17:34 +0000 (18:17 +0200)]
Revert accidental /etc/fusionforge/* -> /etc/gforge/ moves
Conflicts:
src/debian/rules
Sylvain Beucler [Tue, 4 Nov 2014 11:21:52 +0000 (12:21 +0100)]
install-dns.sh: fix configure step, missing $data_path
Sylvain Beucler [Tue, 4 Nov 2014 11:15:52 +0000 (12:15 +0100)]
plugin-sysauthldap.postinst.in: revert
10610e534b9e7eda5968d16454ef0db897f2da22 (Replace hardcoded paths) since postinst.in files are not expanded
Sylvain Beucler [Tue, 4 Nov 2014 11:15:41 +0000 (12:15 +0100)]
Merge remote-tracking branch 'upstream/Branch_5_3' into debian/5.3
Sylvain Beucler [Tue, 4 Nov 2014 11:00:59 +0000 (12:00 +0100)]
plugin-sysauthldap: install: fix PATH
Sylvain Beucler [Tue, 4 Nov 2014 10:52:40 +0000 (11:52 +0100)]
Add missing arc2 dependency to plugin-foafprofiles
Sylvain Beucler [Tue, 28 Oct 2014 16:00:18 +0000 (17:00 +0100)]
Merge remote-tracking branch 'upstream/Branch_5_3' into debian/5.3
Sylvain Beucler [Tue, 28 Oct 2014 14:48:51 +0000 (15:48 +0100)]
user account info: use 'shell_host' rather than empty getUnixBox()
Sylvain Beucler [Tue, 28 Oct 2014 13:57:00 +0000 (14:57 +0100)]
Resurrect 'shell_host' variable (with fallback to 'web_host') and use it to document where users can SSH to the group shared directory [#698]
Sylvain Beucler [Mon, 27 Oct 2014 14:27:18 +0000 (15:27 +0100)]
Merge remote-tracking branch 'upstream/Branch_5_3' into debian/5.3
Sylvain Beucler [Fri, 24 Oct 2014 15:47:11 +0000 (17:47 +0200)]
Remove leading underscore in e-mail change confirmation hash [#738]
Roland Mas [Mon, 20 Oct 2014 12:37:58 +0000 (14:37 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Roland Mas [Mon, 20 Oct 2014 12:35:03 +0000 (14:35 +0200)]
Mediawiki backport no longer needed
Roland Mas [Mon, 20 Oct 2014 10:22:53 +0000 (12:22 +0200)]
Cope with matrix-style Jenkins project
Franck Villaume [Thu, 16 Oct 2014 14:12:43 +0000 (16:12 +0200)]
fix [#742] plugin hudson: delete job on project deletion
Franck Villaume [Thu, 16 Oct 2014 13:40:29 +0000 (15:40 +0200)]
fix [#742] plugin hudson: delete jobs on project deletion
Roland Mas [Thu, 16 Oct 2014 11:33:10 +0000 (13:33 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Roland Mas [Thu, 16 Oct 2014 10:37:58 +0000 (12:37 +0200)]
Fixed class names in test suites
Franck Villaume [Thu, 16 Oct 2014 09:44:52 +0000 (11:44 +0200)]
fix [#740]: plugin Hudson / Jenkins: wrong global status in Hudson Jobs Widget
Roland Mas [Fri, 10 Oct 2014 07:19:01 +0000 (09:19 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Roland Mas [Fri, 10 Oct 2014 07:18:11 +0000 (09:18 +0200)]
Update location of our 3rd-party repositories on the buildbot
Roland Mas [Fri, 10 Oct 2014 07:15:46 +0000 (09:15 +0200)]
Fixed undefined variable in script
Roland Mas [Thu, 9 Oct 2014 14:02:44 +0000 (16:02 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Sylvain Beucler [Mon, 6 Oct 2014 09:56:01 +0000 (11:56 +0200)]
stats: document that options are ignored on error; fix PHP warning; use $this->setError instead of debug() so the script doesn't crash on error
Franck Villaume [Sat, 4 Oct 2014 09:03:08 +0000 (11:03 +0200)]
sync
Franck Villaume [Sat, 4 Oct 2014 09:02:19 +0000 (11:02 +0200)]
fix [#736] SCM stats block: wrong order
Roland Mas [Fri, 3 Oct 2014 07:42:19 +0000 (09:42 +0200)]
Remove literal \n
Roland Mas [Fri, 3 Oct 2014 07:30:44 +0000 (09:30 +0200)]
Support Apache 2.2 (without mod_macro) in Git-over-WebDAV (not smart-http)
Franck Villaume [Thu, 2 Oct 2014 08:20:02 +0000 (10:20 +0200)]
fix [#735] plugin scmhook: no data displayed
Franck Villaume [Wed, 1 Oct 2014 12:50:53 +0000 (14:50 +0200)]
other typo
Franck Villaume [Wed, 1 Oct 2014 12:22:33 +0000 (14:22 +0200)]
typo
Roland Mas [Wed, 1 Oct 2014 08:58:00 +0000 (10:58 +0200)]
Make Mediawiki wrapper executable
Roland Mas [Wed, 1 Oct 2014 08:41:21 +0000 (10:41 +0200)]
Drop plugin-specific data from pfo_role_setting table when unlinking a role from a project
Roland Mas [Wed, 1 Oct 2014 07:55:21 +0000 (09:55 +0200)]
Create appropriate upload dir
Roland Mas [Wed, 1 Oct 2014 07:54:18 +0000 (09:54 +0200)]
Use appropriate location for initial Mediawiki content to be loaded on wiki creation
Franck Villaume [Mon, 29 Sep 2014 12:50:51 +0000 (14:50 +0200)]
fix [#732]: plugin authldap: error and warning messages dislayed twice
Thorsten Glaser [Fri, 26 Sep 2014 08:12:07 +0000 (10:12 +0200)]
permit plugin postinst to receive dpkg triggers
Roland Mas [Mon, 22 Sep 2014 14:34:59 +0000 (16:34 +0200)]
Use wrapper for cron jobs
Roland Mas [Mon, 22 Sep 2014 14:34:35 +0000 (16:34 +0200)]
Fixes to .spec file for gitweb
Thorsten Glaser [Mon, 22 Sep 2014 12:06:06 +0000 (14:06 +0200)]
Merge branch 'Branch_5_2' into Branch_5_3
Thorsten Glaser [Mon, 22 Sep 2014 12:05:05 +0000 (14:05 +0200)]
Merge branch 'Branch_5_1' into Branch_5_2
Thorsten Glaser [Mon, 22 Sep 2014 12:03:51 +0000 (14:03 +0200)]
several more places where we can disable cgi-bin for CVE-2014-6275
Sylvain Beucler [Mon, 22 Sep 2014 09:59:55 +0000 (11:59 +0200)]
httpd: disable per-group cgi-bin by default (CVE-2014-6275)
Conflicts:
src/cronjobs/homedirs.php
Sylvain Beucler [Mon, 22 Sep 2014 11:49:12 +0000 (13:49 +0200)]
v5.3.2-1
Sylvain Beucler [Mon, 22 Sep 2014 11:27:27 +0000 (13:27 +0200)]
Merge remote-tracking branch 'upstream/Branch_5_3' into debian/5.3
Sylvain Beucler [Mon, 22 Sep 2014 09:59:55 +0000 (11:59 +0200)]
httpd: disable per-group cgi-bin by default (CVE-2014-6275)
Conflicts:
src/cronjobs/homedirs.php
Sylvain Beucler [Mon, 22 Sep 2014 09:37:58 +0000 (11:37 +0200)]
Fix testsuite
Roland Mas [Mon, 22 Sep 2014 10:10:06 +0000 (12:10 +0200)]
Fixed /users/foo when restrict_users_visibility is true
Sylvain Beucler [Fri, 19 Sep 2014 14:38:01 +0000 (16:38 +0200)]
Prepare 5.3.2 release
Thorsten Glaser [Thu, 18 Sep 2014 17:28:49 +0000 (19:28 +0200)]
Merge branch 'Branch_5_2' into Branch_5_3
Thorsten Glaser [Thu, 18 Sep 2014 17:28:33 +0000 (19:28 +0200)]
Merge branch 'Branch_5_1' into Branch_5_2
Thorsten Glaser [Thu, 18 Sep 2014 17:27:49 +0000 (19:27 +0200)]
document a known PHP bug whose fix was rejected
Roland Mas [Wed, 17 Sep 2014 10:13:20 +0000 (12:13 +0200)]
Trim email address when it comes from LDAP
Roland Mas [Tue, 16 Sep 2014 13:56:27 +0000 (15:56 +0200)]
Strip {crypt} prefix from Unix password gotten from LDAP
Roland Mas [Tue, 16 Sep 2014 13:45:08 +0000 (15:45 +0200)]
Fixed SQL query
Franck Villaume [Mon, 15 Sep 2014 13:06:01 +0000 (15:06 +0200)]
plugin mediawiki: add missing admin url for quicknav menu
Franck Villaume [Mon, 15 Sep 2014 09:12:50 +0000 (11:12 +0200)]
plugin Mediawiki: cosmetic fix: translation and double h1
Franck Villaume [Mon, 15 Sep 2014 08:10:43 +0000 (10:10 +0200)]
scmbzr: fix typo wrong var
Roland Mas [Fri, 12 Sep 2014 14:53:53 +0000 (16:53 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Roland Mas [Fri, 12 Sep 2014 14:49:04 +0000 (16:49 +0200)]
fix [#717]: Wrong data report in SCM plugin: scmbzr
Sylvain Beucler [Wed, 10 Sep 2014 16:17:34 +0000 (18:17 +0200)]
Revert accidental /etc/fusionforge/* -> /etc/gforge/ moves
Roland Mas [Wed, 10 Sep 2014 12:50:44 +0000 (14:50 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Roland Mas [Tue, 9 Sep 2014 14:36:57 +0000 (16:36 +0200)]
Unmixed error messages when required includes are missing
Franck Villaume [Sat, 6 Sep 2014 15:50:19 +0000 (17:50 +0200)]
partial fix [#720] plugin scmsvn: anonymous role permission setting read/write
Franck Villaume [Fri, 5 Sep 2014 14:08:20 +0000 (16:08 +0200)]
fix [#717]: update the scmsvn stats block
Roland Mas [Wed, 3 Sep 2014 16:26:32 +0000 (18:26 +0200)]
More fixes to the .spec file for the mediawiki plugin; now works (with an ugly hack)
Roland Mas [Wed, 3 Sep 2014 14:30:01 +0000 (16:30 +0200)]
More fixes to the .spec file for the mediawiki plugin
Roland Mas [Wed, 3 Sep 2014 13:09:58 +0000 (15:09 +0200)]
Fixes to the .spec file for the mediawiki plugin
Roland Mas [Wed, 3 Sep 2014 11:40:27 +0000 (13:40 +0200)]
More logging of why Selenium "doesn't start"
Roland Mas [Tue, 2 Sep 2014 17:17:55 +0000 (19:17 +0200)]
Merge remote-tracking branch 'remotes/upstream/Branch_5_3' into debian/5.3
Roland Mas [Tue, 2 Sep 2014 16:31:38 +0000 (18:31 +0200)]
Create homedir for the gforge/fusionforge user
Thorsten Glaser [Tue, 2 Sep 2014 13:19:22 +0000 (15:19 +0200)]
Merge branch 'Branch_5_1' into Branch_5_2
Conflicts:
src/common/include/database-pgsql.php
Thorsten Glaser [Tue, 2 Sep 2014 13:18:08 +0000 (15:18 +0200)]
pg_result was PHP3 and died with PHP 4.2; pg_fetch_result is “new”
thanks to PHP4 docs archive and nerville
Franck Villaume [Mon, 1 Sep 2014 13:22:23 +0000 (15:22 +0200)]
fix [#717] scmhg plugin wrong stats
Franck Villaume [Mon, 1 Sep 2014 12:34:39 +0000 (14:34 +0200)]
fix [#723] scmhg plugin: set push_ssl correctly
Franck Villaume [Mon, 1 Sep 2014 11:39:30 +0000 (13:39 +0200)]
fix [#721] & [#722]: jQueryAutoHeight missing html id, missing drop previous user stats in stats gathering
Franck Villaume [Sat, 30 Aug 2014 16:54:52 +0000 (18:54 +0200)]
fix [#717]: Wrong data report in SCM plugin: scmgit & scmsvn fix
Franck Villaume [Fri, 29 Aug 2014 19:15:03 +0000 (21:15 +0200)]
fix [#718]: legend block size exceeds the graph canvas
Roland Mas [Wed, 27 Aug 2014 14:15:35 +0000 (16:15 +0200)]
Update building of selenium RPM
Roland Mas [Wed, 27 Aug 2014 13:48:43 +0000 (15:48 +0200)]
Backport from master: Fixed Selenium download URL
Franck Villaume [Wed, 27 Aug 2014 12:22:29 +0000 (14:22 +0200)]
sync CHANGES
Matthieu Imbert [Wed, 27 Aug 2014 12:20:48 +0000 (14:20 +0200)]
fix-svn-activity-log-shift-on-empty-commit-message
Patch to fix a shift in Activity Subversion commit log messages when
some commit log messages are empty.
Signed-off-by: Matthieu Imbert <matthieu.imbert@inria.fr>
Signed-off-by: Franck Villaume <franck.villaume@trivialdev.com>
Franck Villaume [Wed, 27 Aug 2014 11:18:16 +0000 (13:18 +0200)]
fix [#715]: SQL error on activity tab with SVN init log
Franck Villaume [Tue, 26 Aug 2014 14:21:16 +0000 (16:21 +0200)]
sync CHANGES
Franck Villaume [Tue, 26 Aug 2014 14:19:47 +0000 (16:19 +0200)]
fix [#712]: Custom status extrafield not updateable using mass update
Franck Villaume [Thu, 21 Aug 2014 12:21:25 +0000 (14:21 +0200)]
fix [#711]: really this time
Franck Villaume [Thu, 21 Aug 2014 12:10:51 +0000 (14:10 +0200)]
fix [#711]: Project members list public even if project is private
Sylvain Beucler [Thu, 21 Aug 2014 08:49:07 +0000 (10:49 +0200)]
Merge remote-tracking branch 'upstream/Branch_5_3' into debian/5.3