[Bug 156792] Please sync gforge 4.6.99+svn6094-4 (universe) from Debian unstable (main)
Kees Cook
kees at ubuntu.com
Wed Oct 24 19:51:21 BST 2007
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/gforge
status confirmed
subscribe ubuntu-archive
Please sync gforge 4.6.99+svn6094-4 (universe) from Debian unstable
(main).
Explanation of the Ubuntu delta and why it can be dropped:
Upstream security fixes incorporated in Debian and upstream.
Changelog since current hardy version 4.5.14-23ubuntu2:
gforge (4.6.99+svn6094-4) unstable; urgency=low
* Fixed a few script permissions and shebangs.
* gforge-mta-courier should really depend on courier-mta.
* Updated debian/po/de.po, from Helge Kreutzmann <debian at helgefjell.de>
(closes: #444615).
* Updated changelog entry for version 4.6.99+svn6094-1 to include the
CVE ID.
* Collect SVN stats every day, not only on Sundays.
-- Roland Mas <lolando at debian.org> Wed, 17 Oct 2007 15:22:56 +0200
gforge (4.6.99+svn6094-3) unstable; urgency=low
* Merged in a patch from Christian Perrier and the Debian i18n and
English l10n team, bringing better style to Debconf templates.
* Also fixed encoding problems in debian/po/fr.po.
-- Roland Mas <lolando at debian.org> Wed, 26 Sep 2007 17:46:07 +0200
gforge (4.6.99+svn6094-2) unstable; urgency=low
* Added Homepage: field to debian/control.
* debian/patches/use-snoopy-from-distro.dpatch: Use the Snoopy class as
provided by libphp-snoopy rather than shipping our own copy of it
(closes: #443951).
* Removed local copies from the binary packages, to be extra sure.
* Updated debian/po/de.po, from Helge Kreutzmann <debian at helgefjell.de>
(closes: #441250).
* Make sure there's at least a dummy SSL certificate set up, even if
it's the Snake Oil cert; the admin is expected to replace it with a
real cert if possible, but this should ensure the initial SSL setup is
at least working (closes: #433826).
-- Roland Mas <lolando at debian.org> Wed, 26 Sep 2007 15:44:35 +0200
gforge (4.6.99+svn6094-1) unstable; urgency=high
* New SVN snapshot (r6094). This includes a fix for an HTML injection
vulnerability possibly leading to cross-site scripting
(CVE-2007-3918), hence the high urgency.
-- Roland Mas <lolando at debian.org> Thu, 13 Sep 2007 09:44:05 +0200
gforge (4.6.99+svn6086-1) unstable; urgency=high
* Re-added debian/po/*.po files that hadn't been ported to SVN trunk
(closes: #439951).
* Updated debian/po/fr.po, thanks to the debian-l10n-french team
(closes: #440785).
* Turned register_globals off.
* Removed non-free RFCs from source package (closes: #440889).
* New SVN snapshot (r6086). This includes a fix for an SQL injection
vulnerability (CVE-2007-3913), hence the high urgency.
-- Roland Mas <lolando at debian.org> Thu, 06 Sep 2007 13:43:45 +0200
gforge (4.6.99+svn6078-1) unstable; urgency=low
* New SVN snapshot (r6078).
* Removed unneeded Listen directives.
* Fixed a couple of Lintian warnings along the way.
-- Roland Mas <lolando at debian.org> Sun, 26 Aug 2007 20:54:10 +0200
gforge (4.6.99+svn6070-2) experimental; urgency=low
* Re-add an empty gforge-web-apache package for the transition to
apache2.
* Generate *.mo at build-time.
-- Roland Mas <lolando at debian.org> Sun, 26 Aug 2007 14:35:32 +0200
gforge (4.6.99+svn6070-1) experimental; urgency=low
* SVN snapshot (based on revision 6070, with packaging patches). Don't
use for production!
* Generate gforge-plugin-scmcvs and g-p-scmsvn from the gforge source
package, since they're maintained in the same upstream repository.
* New gforge-plugins-extra package, with other plugins. Not necessarily
well-tested (or even working).
* Using local database to avoid problems with PostgreSQL not listening
to TCP/IP connections by default (closes: #309276, #396127, #415650,
#420751).
* Removing support for Apache 1.3 and PostgreSQL < 8.2, since these
packages are no longer in Debian.
* Also removing support for LDAP for now, unless someone comes up ready
to maintain it in a proper shape (closes: #237229, #241389, #296399,
#296507, #372260, #378616).
* Added dummy password for the gforge_mta and gforge_nss PostgreSQL
users, since it no longer seems possible to use an empty password.
* Fixed Postfix alias resolution (closes: #424697).
* Actually display the Debconf question asking for an administrative
password. On the other hand, I don't think anybody cares for the
database password, so that question can be skipped.
* Made cronjobs silent.
-- Roland Mas <lolando at debian.org> Fri, 27 Jul 2007 21:21:46 +0200
gforge (4.5.14-25+963) unstable; urgency=low
* Merged Branch_4_5 into trunk after svn conversion
essentially debian and deb-specific dir, setup and install-apache.sh too
* Separated gforge-web-apache in gforge-web-apache and gforge-web-apache2
* Added support for php5
* Don't setup ssl if certifcate are not there
* Added dsf_helper/patch-apache.*
* Added a update_with_sql function in db-upgrade.pl and get in sync with
latest db/*.sql
* Fixed many typos in templates so lintian is happy
* Removed php4 dependancies for gforge-db-postgresql and reordered
postgresql one
* Install plugins with gforge-web-apache
* Added mediawiki support
* Increase version in db-upgrade.pl not to clash with 4.5 branch
-- Christian Bayle <bayle at debian.org> Sat, 30 Sep 2006 20:48:24 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHH5QaH/9LqRcGPm0RAlGGAKCZCq8RR9oQwiB/Xj9Qm7z0ZMJ/rQCfSHt4
YyllaL2wNXpIEzLzWH70ziA=
=NbKw
-----END PGP SIGNATURE-----
** Affects: gforge (Ubuntu)
Importance: Undecided
Status: Confirmed
--
Please sync gforge 4.6.99+svn6094-4 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/156792
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list