webcalendar (1.0.5-3) UNRELEASED; urgency=low

  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project. Closes: #422340
  * Debconf translation updates:
    - Galician. Closes: #423372
    - Czech. Closes: #423501
    - German. Closes: #423877
    - French. Closes: #424072
    - Basque. Closes: #424771
    - Brazilian Portuguese. Closes: #425611
    - Dutch. Closes: #425713
    - Spanish. Closes: #425849
    - Portuguese. Closes: #426133

 -- Christian Perrier <bubulle@debian.org>  Sat, 05 May 2007 15:20:09 +0200

webcalendar (1.0.5-2) unstable; urgency=low

  [ Rafael Laboissiere ]
  * New dpatches:
    + 05_translations-french-utf8: This patch adds file
      translations/French-UTF8.txt, which is mysteriously missing from the
      upstream tarball.  French-UTF8 is a valid language choice, but
      choosing it via the preferences page makes WebCalendar fail
      miserably.  This file is present in the 1.1.2 upstream tarball, so
      this patch will be eventually removed.
    + 06_send-reminder-paths: Set correctly the paths to the include and
      translation files (closes: #373907)
    + 07_SA23341-xss-vulnerability: Fixes cross-site scripting (XSS)
      vulnerability in export_handler.php that allows remote attackers to
      inject arbitrary web script or HTML via the format parameter (see
      http://secunia.com/advisories/23341).  The CVE id is CVE-2006-6669.
      Thanks to Thijs Kinkhorst for the patch (closes: #404234).
  * Changed dpatch:
    + 01_config_patch: In files user-app-postnuke.php, user-ldap.php,
      user-nis.php, and user.php, insure that the variables
      $user_can_update_password, $admin_can_add_user, and
      $admin_can_delete_user are really boolean.  Thanks to Barry
      Cornelius for the heads up (closes: #396217).

  * debian/rules: Added patch target, such that dpatch-convert-diffgz works

  * debian/webcalendar.postinst: Remove the commas in the answer for the
    multiselect question webcalendar/conf/httpd_conf
  * debian/webcalendar.templates:
    + Added apache-perl to the choice of web servers
    + Added question for restarting the web server at postinst time (the
      debconf question and associated config code were shamelessly stolen
      from the gallery2 package).
  * debian/webcalendar.config: Ask the user which web servers should be
    restarted
  * debian/webcalendar.postint: Renamed the linkapache function to
    apache_init and added code for restarting the web server

  [ Elizabeth Bevilacqua ]
  * edited order of dependencies

 -- Elizabeth Bevilacqua <lyz@princessleia.com>  Tue, 17 Apr 2007 14:22:26 -0400

webcalendar (1.0.5-1) unstable; urgency=low

  [ Elizabeth Bevilacqua ]
  * New upstream release (this version fixes vulnerability CVE-2007-1343)
  * debian/apache.conf - Turned register_globals Off (closes: #404297)
  * debian/control maintainer change for adoption of package
  * Revised Depends:, Recommends:, and Suggests:
  * Added debian/NEWS
  * Acknowledge NMUs:
    + Closes: #389543, thanks Steinar H. Gunderson
    + Closes: #374752, #381190, #384224, thanks Thijs Kinkhorst

  [ Rafael Laboissiere ]
  * debian/control:
    + Added my name to the Uploaders field
    + Added XS-Vcs-Svn and XS-Vcs-Browser fields
  * debian/watch: Fixed regular pattern to avoid considering
    WebCalendar-devel-* upstream tarballs
  * debian/patches/01_config_patch.dpatch: Removed part of this patch that
    was preventing die_miserable_death() to echo error messages
    (closes: #375308)
  * debian/patches/02_pgsql_patch.dpatch: Adapted for version 1.0.5
  * debian/webcalendar.links, debian/dirs, debian/install: Put the
    install SQL scripts in the correct place, such that they are found by
    dbconfig-common
  * debian/apache.conf: Declared index.php as a DirectoryIndex, such that
    the URL http://<host>/webcalendar/ works
  * debian/webcalendar.prerm: Added pre-removal script, which allows
    dbconfig-common to ask the user whether the database should be dropped
    on purge

 -- Elizabeth Bevilacqua <lyz@princessleia.com>  Sun, 15 Apr 2007 10:27:19 +0200

webcalendar (1.0.4-1.3) unstable; urgency=low

  * Non-maintainer upload to fix pending l10n issues.
  * Debconf translations:
    - Spanish. Closes: #403445
    - German. Closes: #396620

 -- Christian Perrier <bubulle@debian.org>  Thu, 22 Feb 2007 07:32:47 +0100

webcalendar (1.0.4-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Depend on mysql-client or postgresql-client, as this is needed by
    dbconfig-common (Closes: #389377).
  * Combine with i18n NMU campaign; add debconf translations:
    - Brazilian Portuguese by Herbert P Fortes Neto (Closes: #384224).
    - Portuguese by Miguel Figueiredo (Closes: #381190).
    - French by Steve Petruzzello (Closes: #374752).

 -- Thijs Kinkhorst <thijs@debian.org>  Thu, 12 Oct 2006 13:46:33 +0200

webcalendar (1.0.4-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Make webcalendar.config and webcalendar.postrm depend only on essential
    packages, by checking for the existence of dbconfig-common and ucf before
    attempting to use them. (Closes: #388239)

 -- Steinar H. Gunderson <sesse@debian.org>  Tue, 26 Sep 2006 12:51:42 +0200

webcalendar (1.0.4-1) unstable; urgency=high

  * New upstream release (closes: #363914)
  * Upstream release fixes CVE-2006-2762
  * Added French translation from Steve Petruzzello <dlist@bluewin.ch> (closes: #360187)
  * Restored dbconfig_oldconf.sh for upgrades from < 1.0.2
  * Fixed dbconfig_oldconf.sh to bail out if settings.php is not found
  * Renamed settings.php to settings.conf as settings.conf is not a php file
  * LDAP admin groups is fixed in upstream (closes: #308519)
  * Added Czech translation from Miroslav Kure <kurem@upcase.inf.upol.cz> (closes: #360286)
  * Previous NMUs fix a couple of problems (closes: #366927) (Closes: #360690)

 -- Tim Peeler <thp@linuxforce.net>  Sat, 10 Jun 2006 08:24:57 -0400

webcalendar (1.0.2-2.2) unstable; urgency=high

  * Non-maintainer upload by the Security Team
  * Urgency set to high, due to RC/Security bug fix.
  * added patches/02_login_lean.dpatch:
    + Unified error messages for unknown users and wrong passwords to prevent
      an information leak [includes/user.php, CVE-2006-2247].  thanks to
      Martin Shultze (closes: #366927).
  * Move debhelper and dpatch to Build-Depends (instead of
    Build-Depends-Indep).
  * Bump Standards-Version to 3.7.2 (no changes required).

 -- Pierre Habouzit <madcoder@debian.org>  Thu,  1 Jun 2006 22:45:40 +0200


webcalendar (1.0.2-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix debian/webcalendar.postinst and debian/webcalendar.config.
    Rename settings.conf to settings.php. Remove useless
    debian/tools. Closes: #360690.
  * Fix docs link (debian/webcalendar.links).

 -- Arnaud Fontaine <arnaud@andesi.org>  Thu, 20 Apr 2006 15:40:12 +0200

webcalendar (1.0.2-2) unstable; urgency=low


  * Fixed bug in README generation that made it appear to be XML and caused
    duplicate README generation (closes: #306275)
  * Added db_unregister to postinstall to remove all old templates
    (closes: #337624)
  * Fixed debconf templates (closes: #357723)
  * Fixed build-depends bug (closes: #358414)
  * Fixed a bug in SQL upgrade
  * added support to load old (<1.0.2-1) database settings for dbconfig-common
  * upstream fixed IE javascript issue in 1.0.2 (closes: #293643)

 -- Tim Peeler <thp@linuxforce.net>  Tue, 21 Mar 2006 09:00:18 -0500

webcalendar (1.0.2-1) unstable; urgency=high

  * New upstream release (closes: #333991)
    - Fixed local file overwrite vulnerability (CVE-2005-3961)
    - Fixed multiple SQL Injection vulnerabilities (CVE-2005-3949)
      (closes: #341208)
    - Fixed CRLF injection XSS/response splitting vulnerability (CVE-2005-3982)
    - Reportedly fixes SQL injection through the time_range parameter
      (CVE-2005-3984)
      (closes: #342090)
  * Changed to gettext based templates (closes: #351399)
  * Switched to using dbconfig-common for database configuration
    (closes: #351401)
  * Enhanced config mechanism to support easier configuration and more
    flexibility (closes: #293650)
  * Include watch file (closes: #333789)
  * Many bug fixes from upstream.

 -- Tim Peeler <thp@linuxforce.net>  Tue,  7 Mar 2006 10:12:58 -0500

webcalendar (0.9.45-7) unstable; urgency=high

  * Real fix for CAN-2005-2717, previous fix was the wrong patch.

 -- Tim Peeler <thp@linuxforce.net>  Fri,  2 Sep 2005 13:26:38 +0000

webcalendar (0.9.45-6) unstable; urgency=high

  * Fixed a bug in assistant_edit.php that allows unauthorized access
    (closes: #315671)

 -- Tim Peeler <thp@devel.localnet>  Mon, 11 Jul 2005 17:56:02 -0400
q
webcalendar (0.9.45-5) unstable; urgency=low

  * Fixed a bug in the postinst that doesn't set permissions of settings.php
    correctly on upgrade (closes: #312821)
  * Fixed a bug in user-ldap.php which used the wrong arguments to
    ldap_error() (closes: #308500)
  * Fixed a bug in user-ldap.php which prevented connecting to the openldap
    because openldap no longer allows LDAPv2 by default (closes: #308501)

 -- Tim Peeler <thp@linuxforce.net>  Mon, 13 Jun 2005 17:55:32 -0500

webcalendar (0.9.45-4) unstable; urgency=low

  * Fixed a bug in the postinst script that prevented installation when
    passwords were non-alphanumeric (closes: #296935)
  * Changed template to make passwords of debconf type password instead
    of string (closes: #298475)
  * Fixed postinst to purge database password after sql client completes
    installation (closes: #302625, #302631)
  * Added a chmod to postinst to prevent world read of settings.php
    (closes: #303016)
  * Fixed prerm to remove settings.php when doing a purge (closes: #298476)

 -- Tim Peeler <thp@linuxforce.net>  Fri, 25 Mar 2005 12:41:20 -0500

webcalendar (0.9.45-3) unstable; urgency=low

  * removed mysql-server or postgres requirements (closes: #291590)
  * added patch to fix sql injection bug CAN-2005-0474 (closes: #295960, #296280)

 -- Tim Peeler <thp@linuxforce.net>  Wed, 22 Dec 2004 10:18:14 -0500

webcalendar (0.9.45-2) unstable; urgency=low

  * fixed a problem with postinst (closes: #286405)

 -- Tim Peeler <thp@linuxforce.net>  Wed, 22 Dec 2004 10:18:14 -0500

webcalendar (0.9.45-1) unstable; urgency=low

  * new version of webcalendar (adds security enhancements)
  * added a post install configure script
  * added depends for php4-mysql | php4-pgsql (closes: #285795)
  * moved docs/* to /usr/share/doc/webcalendar (closes: #285798)
  * created a README (closes: #285183)
  * changed short description (closes: #285680)

 -- Tim Peeler <thp@linuxforce.net>  Tue, 14 Dec 2004  3:34:15 -0500

webcalendar (0.9.44-1) unstable; urgency=low

  * Initial Release. (closes: #261761)

 -- Tim Peeler <thp@linuxforce.net>  Mon, 08 Nov 2004  2:52:08 -0500

