Accepted webcalendar 1.0.5-3 (source)

Ubuntu Installer archive at ubuntu.com
Thu May 3 09:35:05 BST 2007


Accepted:
webcalendar 1.0.5-3 was ACCEPTED.
	Component: universe Section: web

Origin: Debian/unstable
Format: 1.7
Date: Wed,  02 May 2007 14:20:39 +0100
Source: webcalendar
Binary: webcalendar
Architecture: source
Version: 1.0.5-3
Distribution: gutsy
Urgency: high
Maintainer: Elizabeth Bevilacqua <lyz at princessleia.com>
Changed-By: Ubuntu Archive Auto-Sync <archive at ubuntu.com>
Description: 
 webcalendar - PHP-Based multi-user calendar
Closes: 261761 285183 285680 285795 285798 286405 291590 293643 293650 295960 296280 296935 298475 298476 302625 302631 303016 306275 308500 308501 308519 312821 315671 333789 333991 337624 341208 342090 351399 351401 357723 358414 360187 360286 360690 360690 363914 366927 366927 373907 374752 374752 375308 381190 381190 384224 384224 388239 389377 389543 393832 396217 396620 403445 404234 404297 419570
Changes: 
 webcalendar (1.0.5-3) unstable; urgency=low
 .
   * Added php5 support (closes: 393832, 419570)
 .
 webcalendar (1.0.5-2) unstable; urgency=low
 .
   [ Rafael Laboissiere ]
   * New dpatches:
     + 05_translations-french-utf8: This patch adds file
       translations/French-UTF8.txt, which is mysteriously missing from the
       upstream tarball.  French-UTF8 is a valid language choice, but
       choosing it via the preferences page makes WebCalendar fail
       miserably.  This file is present in the 1.1.2 upstream tarball, so
       this patch will be eventually removed.
     + 06_send-reminder-paths: Set correctly the paths to the include and
       translation files (closes: #373907)
     + 07_SA23341-xss-vulnerability: Fixes cross-site scripting (XSS)
       vulnerability in export_handler.php that allows remote attackers to
       inject arbitrary web script or HTML via the format parameter (see
       http://secunia.com/advisories/23341).  The CVE id is CVE-2006-6669.
       Thanks to Thijs Kinkhorst for the patch (closes: #404234).
   * Changed dpatch:
     + 01_config_patch: In files user-app-postnuke.php, user-ldap.php,
       user-nis.php, and user.php, insure that the variables
       $user_can_update_password, $admin_can_add_user, and
       $admin_can_delete_user are really boolean.  Thanks to Barry
       Cornelius for the heads up (closes: #396217).
 .
   * debian/rules: Added patch target, such that dpatch-convert-diffgz works
 .
   * debian/webcalendar.postinst: Remove the commas in the answer for the
     multiselect question webcalendar/conf/httpd_conf
   * debian/webcalendar.templates:
     + Added apache-perl to the choice of web servers
     + Added question for restarting the web server at postinst time (the
       debconf question and associated config code were shamelessly stolen
       from the gallery2 package).
   * debian/webcalendar.config: Ask the user which web servers should be
     restarted
   * debian/webcalendar.postint: Renamed the linkapache function to
     apache_init and added code for restarting the web server
 .
   [ Elizabeth Bevilacqua ]
   * edited order of dependencies
 .
 webcalendar (1.0.5-1) unstable; urgency=low
 .
   [ Elizabeth Bevilacqua ]
   * New upstream release (this version fixes vulnerability CVE-2007-1343)
   * debian/apache.conf - Turned register_globals Off (closes: #404297)
   * debian/control maintainer change for adoption of package
   * Revised Depends:, Recommends:, and Suggests:
   * Added debian/NEWS
   * Acknowledge NMUs:
     + Closes: #389543, thanks Steinar H. Gunderson
     + Closes: #374752, #381190, #384224, thanks Thijs Kinkhorst
 .
   [ Rafael Laboissiere ]
   * debian/control:
     + Added my name to the Uploaders field
     + Added XS-Vcs-Svn and XS-Vcs-Browser fields
   * debian/watch: Fixed regular pattern to avoid considering
     WebCalendar-devel-* upstream tarballs
   * debian/patches/01_config_patch.dpatch: Removed part of this patch that
     was preventing die_miserable_death() to echo error messages
     (closes: #375308)
   * debian/patches/02_pgsql_patch.dpatch: Adapted for version 1.0.5
   * debian/webcalendar.links, debian/dirs, debian/install: Put the
     install SQL scripts in the correct place, such that they are found by
     dbconfig-common
   * debian/apache.conf: Declared index.php as a DirectoryIndex, such that
     the URL http://<host>/webcalendar/ works
   * debian/webcalendar.prerm: Added pre-removal script, which allows
     dbconfig-common to ask the user whether the database should be dropped
     on purge
 .
 webcalendar (1.0.4-1.3) unstable; urgency=low
 .
   * Non-maintainer upload to fix pending l10n issues.
   * Debconf translations:
     - Spanish. Closes: #403445
     - German. Closes: #396620
 .
 webcalendar (1.0.4-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Depend on mysql-client or postgresql-client, as this is needed by
     dbconfig-common (Closes: #389377).
   * Combine with i18n NMU campaign; add debconf translations:
     - Brazilian Portuguese by Herbert P Fortes Neto (Closes: #384224).
     - Portuguese by Miguel Figueiredo (Closes: #381190).
     - French by Steve Petruzzello (Closes: #374752).
 .
 webcalendar (1.0.4-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Make webcalendar.config and webcalendar.postrm depend only on essential
     packages, by checking for the existence of dbconfig-common and ucf before
     attempting to use them. (Closes: #388239)
 .
 webcalendar (1.0.4-1) unstable; urgency=high
 .
   * New upstream release (closes: #363914)
   * Upstream release fixes CVE-2006-2762
   * Added French translation from Steve Petruzzello <dlist at bluewin.ch> (closes: #360187)
   * Restored dbconfig_oldconf.sh for upgrades from < 1.0.2
   * Fixed dbconfig_oldconf.sh to bail out if settings.php is not found
   * Renamed settings.php to settings.conf as settings.conf is not a php file
   * LDAP admin groups is fixed in upstream (closes: #308519)
   * Added Czech translation from Miroslav Kure <kurem at upcase.inf.upol.cz> (closes: #360286)
   * Previous NMUs fix a couple of problems (closes: #366927) (Closes: #360690)
 .
 webcalendar (1.0.2-2.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team
   * Urgency set to high, due to RC/Security bug fix.
   * added patches/02_login_lean.dpatch:
     + Unified error messages for unknown users and wrong passwords to prevent
       an information leak [includes/user.php, CVE-2006-2247].  thanks to
       Martin Shultze (closes: #366927).
   * Move debhelper and dpatch to Build-Depends (instead of
     Build-Depends-Indep).
   * Bump Standards-Version to 3.7.2 (no changes required).
 .
 .
 webcalendar (1.0.2-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix debian/webcalendar.postinst and debian/webcalendar.config.
     Rename settings.conf to settings.php. Remove useless
     debian/tools. Closes: #360690.
   * Fix docs link (debian/webcalendar.links).
 .
 webcalendar (1.0.2-2) unstable; urgency=low
 .
 .
   * Fixed bug in README generation that made it appear to be XML and caused
     duplicate README generation (closes: #306275)
   * Added db_unregister to postinstall to remove all old templates
     (closes: #337624)
   * Fixed debconf templates (closes: #357723)
   * Fixed build-depends bug (closes: #358414)
   * Fixed a bug in SQL upgrade
   * added support to load old (<1.0.2-1) database settings for dbconfig-common
   * upstream fixed IE javascript issue in 1.0.2 (closes: #293643)
 .
 webcalendar (1.0.2-1) unstable; urgency=high
 .
   * New upstream release (closes: #333991)
     - Fixed local file overwrite vulnerability (CVE-2005-3961)
     - Fixed multiple SQL Injection vulnerabilities (CVE-2005-3949)
       (closes: #341208)
     - Fixed CRLF injection XSS/response splitting vulnerability (CVE-2005-3982)
     - Reportedly fixes SQL injection through the time_range parameter
       (CVE-2005-3984)
       (closes: #342090)
     - assistant_edit.php unauthorized access vulnerability
       (CVE-2005-2320) was fixed in release 1.0.0
   * Changed to gettext based templates (closes: #351399)
   * Switched to using dbconfig-common for database configuration
     (closes: #351401)
   * Enhanced config mechanism to support easier configuration and more
     flexibility (closes: #293650)
   * Include watch file (closes: #333789)
   * Many bug fixes from upstream.
 .
 webcalendar (0.9.45-7) unstable; urgency=high
 .
   * Real fix for CAN-2005-2717, previous fix was the wrong patch.
 .
 webcalendar (0.9.45-6) unstable; urgency=high
 .
   * Fixed a bug in assistant_edit.php that allows unauthorized access
     (closes: #315671)
 .
 webcalendar (0.9.45-5) unstable; urgency=low
 .
   * Fixed a bug in the postinst that doesn't set permissions of settings.php
     correctly on upgrade (closes: #312821)
   * Fixed a bug in user-ldap.php which used the wrong arguments to
     ldap_error() (closes: #308500)
   * Fixed a bug in user-ldap.php which prevented connecting to the openldap
     because openldap no longer allows LDAPv2 by default (closes: #308501)
 .
 webcalendar (0.9.45-4) unstable; urgency=low
 .
   * Fixed a bug in the postinst script that prevented installation when
     passwords were non-alphanumeric (closes: #296935)
   * Changed template to make passwords of debconf type password instead
     of string (closes: #298475)
   * Fixed postinst to purge database password after sql client completes
     installation (closes: #302625, #302631)
   * Added a chmod to postinst to prevent world read of settings.php
     (closes: #303016)
   * Fixed prerm to remove settings.php when doing a purge (closes: #298476)
 .
 webcalendar (0.9.45-3) unstable; urgency=low
 .
   * removed mysql-server or postgres requirements (closes: #291590)
   * added patch to fix sql injection bug CAN-2005-0474 (closes: #295960, #296280)
 .
 webcalendar (0.9.45-2) unstable; urgency=low
 .
   * fixed a problem with postinst (closes: #286405)
 .
 webcalendar (0.9.45-1) unstable; urgency=low
 .
   * new version of webcalendar (adds security enhancements)
   * added a post install configure script
   * added depends for php4-mysql | php4-pgsql (closes: #285795)
   * moved docs/* to /usr/share/doc/webcalendar (closes: #285798)
   * created a README (closes: #285183)
   * changed short description (closes: #285680)
 .
 webcalendar (0.9.44-1) unstable; urgency=low
 .
   * Initial Release. (closes: #261761)
Files: 
 77bad8d72f73bb026f880d7abc8cf51a 39624 web optional webcalendar_1.0.5-3.diff.gz
 003f730a3c48bfa7b384104b89b84d34 890163 web optional webcalendar_1.0.5.orig.tar.gz
 a99aa066e30c913aae122627b235a2d7 836 web optional webcalendar_1.0.5-3.dsc





More information about the gutsy-changes mailing list