[Bug 156792] Please sync gforge 4.6.99+svn6094-4 (universe) from Debian unstable (main)

Kees Cook kees at ubuntu.com
Wed Oct 24 19:51:21 BST 2007


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/gforge
 status confirmed
 subscribe ubuntu-archive

Please sync gforge 4.6.99+svn6094-4  (universe) from Debian unstable
(main).

Explanation of the Ubuntu delta and why it can be dropped:
Upstream security fixes incorporated in Debian and upstream.

Changelog since current hardy version 4.5.14-23ubuntu2:

gforge (4.6.99+svn6094-4) unstable; urgency=low

  * Fixed a few script permissions and shebangs.
  * gforge-mta-courier should really depend on courier-mta.
  * Updated debian/po/de.po, from Helge Kreutzmann <debian at helgefjell.de>
    (closes: #444615).
  * Updated changelog entry for version 4.6.99+svn6094-1 to include the
    CVE ID.
  * Collect SVN stats every day, not only on Sundays.

 -- Roland Mas <lolando at debian.org>  Wed, 17 Oct 2007 15:22:56 +0200

gforge (4.6.99+svn6094-3) unstable; urgency=low

  * Merged in a patch from Christian Perrier and the Debian i18n and
    English l10n team, bringing better style to Debconf templates.
  * Also fixed encoding problems in debian/po/fr.po.

 -- Roland Mas <lolando at debian.org>  Wed, 26 Sep 2007 17:46:07 +0200

gforge (4.6.99+svn6094-2) unstable; urgency=low

  * Added Homepage: field to debian/control.
  * debian/patches/use-snoopy-from-distro.dpatch: Use the Snoopy class as
    provided by libphp-snoopy rather than shipping our own copy of it
    (closes: #443951).
  * Removed local copies from the binary packages, to be extra sure.
  * Updated debian/po/de.po, from Helge Kreutzmann <debian at helgefjell.de>
    (closes: #441250).
  * Make sure there's at least a dummy SSL certificate set up, even if
    it's the Snake Oil cert; the admin is expected to replace it with a
    real cert if possible, but this should ensure the initial SSL setup is
    at least working (closes: #433826).

 -- Roland Mas <lolando at debian.org>  Wed, 26 Sep 2007 15:44:35 +0200

gforge (4.6.99+svn6094-1) unstable; urgency=high

  * New SVN snapshot (r6094).  This includes a fix for an HTML injection
    vulnerability possibly leading to cross-site scripting
    (CVE-2007-3918), hence the high urgency.

 -- Roland Mas <lolando at debian.org>  Thu, 13 Sep 2007 09:44:05 +0200

gforge (4.6.99+svn6086-1) unstable; urgency=high

  * Re-added debian/po/*.po files that hadn't been ported to SVN trunk
    (closes: #439951).
  * Updated debian/po/fr.po, thanks to the debian-l10n-french team
    (closes: #440785).
  * Turned register_globals off.
  * Removed non-free RFCs from source package (closes: #440889).
  * New SVN snapshot (r6086).  This includes a fix for an SQL injection
    vulnerability (CVE-2007-3913), hence the high urgency.

 -- Roland Mas <lolando at debian.org>  Thu, 06 Sep 2007 13:43:45 +0200

gforge (4.6.99+svn6078-1) unstable; urgency=low

  * New SVN snapshot (r6078).
  * Removed unneeded Listen directives.
  * Fixed a couple of Lintian warnings along the way.

 -- Roland Mas <lolando at debian.org>  Sun, 26 Aug 2007 20:54:10 +0200

gforge (4.6.99+svn6070-2) experimental; urgency=low

  * Re-add an empty gforge-web-apache package for the transition to
    apache2.
  * Generate *.mo at build-time.

 -- Roland Mas <lolando at debian.org>  Sun, 26 Aug 2007 14:35:32 +0200

gforge (4.6.99+svn6070-1) experimental; urgency=low

  * SVN snapshot (based on revision 6070, with packaging patches).  Don't
    use for production!
  * Generate gforge-plugin-scmcvs and g-p-scmsvn from the gforge source
    package, since they're maintained in the same upstream repository.
  * New gforge-plugins-extra package, with other plugins.  Not necessarily
    well-tested (or even working).
  * Using local database to avoid problems with PostgreSQL not listening
    to TCP/IP connections by default (closes: #309276, #396127, #415650,
    #420751).
  * Removing support for Apache 1.3 and PostgreSQL < 8.2, since these
    packages are no longer in Debian.
  * Also removing support for LDAP for now, unless someone comes up ready
    to maintain it in a proper shape (closes: #237229, #241389, #296399,
    #296507, #372260, #378616).
  * Added dummy password for the gforge_mta and gforge_nss PostgreSQL
    users, since it no longer seems possible to use an empty password.
  * Fixed Postfix alias resolution (closes: #424697).
  * Actually display the Debconf question asking for an administrative
    password.  On the other hand, I don't think anybody cares for the
    database password, so that question can be skipped.
  * Made cronjobs silent.

 -- Roland Mas <lolando at debian.org>  Fri, 27 Jul 2007 21:21:46 +0200

gforge (4.5.14-25+963) unstable; urgency=low

  * Merged Branch_4_5 into trunk after svn conversion
  essentially debian and deb-specific dir, setup and install-apache.sh too
  * Separated gforge-web-apache in gforge-web-apache and gforge-web-apache2
  * Added support for php5
  * Don't setup ssl if certifcate are not there
  * Added dsf_helper/patch-apache.* 
  * Added a update_with_sql function in db-upgrade.pl and get in sync with
    latest db/*.sql
  * Fixed many typos in templates so lintian is happy
  * Removed php4 dependancies for gforge-db-postgresql and reordered
    postgresql one
  * Install plugins with gforge-web-apache 
  * Added mediawiki support
  * Increase version in db-upgrade.pl not to clash with 4.5 branch

 -- Christian Bayle <bayle at debian.org>  Sat, 30 Sep 2006 20:48:24 +0200


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHH5QaH/9LqRcGPm0RAlGGAKCZCq8RR9oQwiB/Xj9Qm7z0ZMJ/rQCfSHt4
YyllaL2wNXpIEzLzWH70ziA=
=NbKw
-----END PGP SIGNATURE-----

** Affects: gforge (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
Please sync gforge 4.6.99+svn6094-4  (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/156792
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.



More information about the ubuntu-archive mailing list