drupal7 (7.56-1) unstable; urgency=high * New upstream release * Fixes security vulnerability: SA-CORE-2017-003: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users. (CVE-2017-6922) (Closes: #865498) -- Gunnar Wolf Thu, 22 Jun 2017 11:59:07 -0500 drupal7 (7.52-2) unstable; urgency=medium * Added the Druplicon in vector format, providing the preferred form of modification for an icon used in several places throughout the package. Thanks to Sean Whitton for the pointer! -- Gunnar Wolf Tue, 13 Dec 2016 11:09:27 -0600 drupal7 (7.52-1) unstable; urgency=high * New upstream version * Fixes multiple security vulnerabilities (SA-CORE-2016-005; CVEs not yet issued): - Inconsistent name for term access query can lead to information disclosure - Confirmation form allows external URL injection * Updated compat version to 10 -- Gunnar Wolf Thu, 17 Nov 2016 11:11:26 -0600 drupal7 (7.50-2) unstable; urgency=medium * Modifying MySQL dependencies according to the recommendations of the pkg-mysql team (see msgid:1472973251.19451.2.camel@XPS-L322X in debian-devel-announce) -- Gunnar Wolf Fri, 23 Sep 2016 12:05:35 -0500 drupal7 (7.50-1) unstable; urgency=low * New upstream release * PHP 7 support has been merged upstream; drop the patch introduced in May (7.43-2) -- Gunnar Wolf Wed, 27 Jul 2016 17:01:33 -0500 drupal7 (7.44-2) unstable; urgency=low * Added dependency on php-xml (Closes: #828027) -- Gunnar Wolf Mon, 25 Jul 2016 14:12:13 -0500 drupal7 (7.44-1) unstable; urgency=high * New upstream version * Fixes a security vulnerability (SA-CORE-2016-002): Privilege escalation (within the webapp users realm) -- Gunnar Wolf Wed, 15 Jun 2016 18:22:14 -0500 drupal7 (7.43-3) unstable; urgency=medium * Moved the farbstatic sources from debian/missing-sources todebian/missing-sources/misc, to keep lintian happy * The right name for one of our conditional dependencies is no longer php-sqlite, but php-sqlite3. Thanks to Nish Aravamudan for pointing this out! -- Gunnar Wolf Mon, 09 May 2016 12:25:34 -0500 drupal7 (7.43-2) unstable; urgency=medium * Update dependencies to use PHP 7 instead of 5 (Closes: #821482) * Updated debian/watch to work reliably * Standards-version 3.9.6.0→3.9.8 (no changes needed) -- Gunnar Wolf Mon, 09 May 2016 10:54:11 -0500 drupal7 (7.43-1) unstable; urgency=high * New upstream version * Fixes several security vulnerabilities (SA-CORE-2016-001): File upload access bypass and DoS, brute force amplification attack via XML-RPC, open redirect via path manipulation, reflected file download, wrong modes set on some user accounts setting saves, information disclosure of email addresses * Several non-security bugfixes from 7.42 included * Fix typo in README.Debian * Add several needed lintian overrides -- Gunnar Wolf Thu, 25 Feb 2016 22:43:55 -0600 drupal7 (7.41-1) unstable; urgency=medium * New upstream version * Fixes a security vulnerability (SA-CORE-2015-004) that allows for an open redirect (but limited to already administrative users) * Several non-security bugfixess from 7.40 included -- Gunnar Wolf Wed, 21 Oct 2015 21:31:56 -0500 drupal7 (7.39-1) unstable; urgency=high * Set myself as the maintainer, Luigi as an uploader (to more reliably get bug notifications) * New upstream version * Fixes a security vulnerability (SA-CORE-2015-003) that can lead to cross site scripting, access bypass, SQL injection, open redirect. -- Gunnar Wolf Thu, 18 Jun 2015 11:38:33 -0500 drupal7 (7.38-1) unstable; urgency=high * New upstream version * Removed patches covering the differences since 7.32, as the freeze and release are done. * Several vulnerabilities fixed: SA-CORE-2015-002 + Impersonation (OpenID module - Drupal 6 and 7): CVE-2015-3234 + Open redirect (Field UI module - Drupal 7): CVE-2015-3232 + Open redirect (Overlay module - Drupal 7: CVE-2015-3233 + Information disclosure (Render cache system - Drupal 7): CVE-2015-3231 -- Gunnar Wolf Wed, 17 Jun 2015 17:04:10 -0500 drupal7 (7.32-1+deb8u3) unstable; urgency=medium * Added missing DEP3 headers to SA-CORE-2015-001 patch -- Gunnar Wolf Thu, 19 Mar 2015 09:54:35 -0600 drupal7 (7.32-1+deb8u2) unstable; urgency=high * Backported from 7.35: SA-CORE-2015-001 (Access bypass on password reset URLs; Open redirect) -- Gunnar Wolf Wed, 18 Mar 2015 14:20:17 -0600 drupal7 (7.32-1+deb8u1) unstable; urgency=high * Updated the VCS URL in debian/control as git.debian.org is deprecated * Debian has frozen! We will start backporting the important fixes to 7.32 * Backported from 7.34: SA-CORE-2014-006 (Session hijacking CVE-2014- 9015, Denial of service CVE-2014-9016) * Several minor reliability fixes backported from 7.33 -- Gunnar Wolf Wed, 15 Oct 2014 12:45:29 -0500 drupal7 (7.32-1) unstable; urgency=critical * New upstream release * Fixes highly critical security risk CVE-2014-3704; SA-CORE-2014-005 (SQL injection) * Standards-version 3.9.5 → 3.9.6 (no changes needed) -- Gunnar Wolf Wed, 15 Oct 2014 11:22:26 -0500 drupal7 (7.31-1) unstable; urgency=high * New upstream release * Fixes SA-CORE-2014-004 (XML-RPC endpoint vulnerable to an XML entity expansion attack and other related attacks which can lead to a DoS: CPU and memory exhaustion, DB resource starvation) * This is the "Congratulations to Octavio and Claudia" upload. -- Gunnar Wolf Wed, 06 Aug 2014 22:48:19 -0500 drupal7 (7.30-1) unstable; urgency=low * New upstream release -- Gunnar Wolf Mon, 28 Jul 2014 11:06:19 -0500 drupal7 (7.29-1) unstable; urgency=high * New upstream release * Fixes SA-CORE-2014-003 (Denial of service; access bypass; 2×cross- site scripting) (Closes: #755038) * Setting urgency as high due to the security issues this release closes. * Add a build-dependency on yui-compressor and actually build the minified JS files excluded from the package. (Closes: #750666) * Added lintian overrides for shipped sources, specific JS version -- Gunnar Wolf Thu, 17 Jul 2014 07:42:19 -0500 drupal7 (7.28+dfsg-1) unstable; urgency=low * New upstream release * Dropped patch "fix_ajax_regression" - incorporated upstream * Added support for SQLite installs (Closes: #712991) -- Gunnar Wolf Thu, 29 May 2014 16:08:41 -0500 drupal7 (7.27+dfsg2-2) unstable; urgency=low * Remove the (now meaningless) numbering from debian/patches/* * Fixed a regression caused by the backported 7.27 fix which breaks IE8 (see https://drupal.org/node/2245331#comment-8699683) -- Gunnar Wolf Thu, 24 Apr 2014 13:26:53 -0500 drupal7 (7.27+dfsg2-1) unstable; urgency=high * Reverted to the upstream-provided versions of jquery, jquery-cookie, jquery-form and jquery-ui, as the Debian-packaged versions do not work with Drupal7 :-( * Raised urgency to high, as my last upload introduces heavy breakage. Sorry! :-( * Reopening bug #699286, as it can not be easily fixed. Upstream does not want to change their shipped versions, and we don't want to deviate so far from them. -- Gunnar Wolf Mon, 21 Apr 2014 13:08:09 -0500 drupal7 (7.27+dfsg-1) unstable; urgency=medium * Corrected the Vcs-Browser field in debian/control * Rewrote debian/copyright following the DEP5 format, in order to exclude from the orig.tar.gz all of the minified files from jquery (Closes: #735769) * Dropped patch 30_DFSG-sources.patch, as those files are now excluded and no longer sourceless. * Added dependencies on libjs-jquery, libjs-jquery-cookie, libjs- jquery-form, libjs-jquery-ui and build-dependency on libjs-jquery-ui in order to remove library copies (and sourceless minified Javascript files) from build (Closes: #699286) * Fix wrong symlink for /etc/apache2/conf-available/drupal7.conf (Closes: #738918) -- Gunnar Wolf Wed, 16 Apr 2014 23:08:12 -0500 drupal7 (7.27-1) unstable; urgency=high * New upstream release * Setting urgency as high as this release closes a security issue (information disclosure) --- https://drupal.org/SA-CORE-2014-002 -- Gunnar Wolf Wed, 16 Apr 2014 22:44:28 -0500 drupal7 (7.26-1) unstable; urgency=high * New upstream release * Setting urgency to high as this release closes several important vulnerabilities; see advisory in https://drupal.org/SA-CORE-2014-001 + Impersionation while using OpenID + Access bypass in the taxonomy module + Security hardening in the Form API -- Gunnar Wolf Wed, 15 Jan 2014 16:33:24 -0600 drupal7 (7.24-2) unstable; urgency=low * Update packaging+instructions for the Apache 2.4 configuration style changes (Closes: #669742) * Avoid some errors when running the cron shell script (Closes: #717522) * Debian policy updated to 3.9.5.0 (no changes needed) -- Gunnar Wolf Fri, 29 Nov 2013 13:27:45 -0600 drupal7 (7.24-1) unstable; urgency=high * New upstream release * Setting urgency to high as this release closes several high profile vulnerabilities; see advisory in https://drupal.org/SA-CORE-2013-003 * Added a sample /usr/share/doc/files.htaccess and a corresponding note in NEWS.Debian as local administrators should use it to avoid remote code execution -- Gunnar Wolf Wed, 20 Nov 2013 19:01:24 -0600 drupal7 (7.23-1) unstable; urgency=low * New upstream release * Updated the Vcs fields in debian/control to point to the new git repository -- Gunnar Wolf Thu, 29 Aug 2013 13:59:24 -0500 drupal7 (7.22-2) unstable; urgency=low * Move debian/dbconfig.template to usr/share/drupal7/templates instead of being in /usr/share/doc/drupal7 (Closes: #710065) -- Gunnar Wolf Mon, 24 Jun 2013 18:55:45 -0500 drupal7 (7.22-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (Closes: #685006) - Remove patches integrated upstream + debian/patches/40_SA-CORE-2012-003 + debian/patches/50_SA-CORE-2012-004 + debian/patches/60_SA-CORE-2013-001 + debian/patches/70_SA-CORE-2013-002 - Fixes Test module failure with curl >= 5.4.4 (Closes: #703322) * debian/control - Bumped Standard-Version to 3.9.4, no change needed - Added Gunnar Wolf to Uploaders * debian/cron.sh - Fixed CRON_KEY not resetting each loop iteration (Closes: #659848) (Thanks to Michael Wikberg ) - Fixed missing report of errors except last one (Closes: #689333) (Thanks to Gunnar Wolf ) * debian/README.Debian - Fixed location of locally installed modules (Closes: #685333) * debian/watch - Updated by Bart Martens -- Luigi Gangitano Sat, 20 Apr 2013 18:29:57 +0200 drupal7 (7.14-2) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * Acknowledge NMUs from Gunnar Wolf * Incorporated fix for DoS on image derivative generation (Ref: SA-CORE-2013-002, CVE-2013-0316) (Closes: #701165) * Removed update warnings for Drupal core, since security fixes are provided by Debian updates. (Closes: #700545) -- Luigi Gangitano Sat, 23 Feb 2013 15:12:35 +0100 drupal7 (7.14-1.3) unstable; urgency=low * Non-maintainer upload. * Incorporated the fix for SA-CORE-2013-001 (the full diff between 7.18 and 7.19) (Closes: #698334) * Added the missing DEP3 header to the patch introduced in 7.14-1.2 -- Gunnar Wolf Tue, 29 Jan 2013 12:21:13 -0600 drupal7 (7.14-1.2) unstable; urgency=low * Non-maintainer upload. * Incorporated the fix for SA-CORE-2012-004 (the full diff between 7.17 and 7.18) -- Gunnar Wolf Fri, 11 Jan 2013 17:57:47 -0600 drupal7 (7.14-1.1) unstable; urgency=low * Non-maintainer upload. * Incorporated the fix for SA-CORE-2012-003 (the full diff between 7.15 and 7.16) -- Gunnar Wolf Fri, 19 Oct 2012 13:08:29 -0500 drupal7 (7.14-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes DoS, Unvalidated Form Redirect, Multiple Vulnerabilities (Ref: SA-CORE-2012-002, CVE-2012-1588,CVE-2012-1589, CVE-2012-1590,i CVE-2012-1591) (Closes: #671402) - Fixes errors in install.php (Closes: #670415) * debian/control - Bumped Standard-Version to 3.9.3.0, no change needed -- Luigi Gangitano Thu, 10 May 2012 20:21:41 +0200 drupal7 (7.12-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release -- Luigi Gangitano Thu, 15 Feb 2012 21:51:54 +0100 drupal7 (7.11-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes Access bypass, Cross Site Request Forgery, Multiple vulnerabilities (Ref: SA-CORE-2012-001, CVE-2012-0825, CVE-2012-0826, CVE-2012-0827) (Closes: #658337) -- Luigi Gangitano Sun, 05 Feb 2012 18:16:47 +0100 drupal7 (7.10-1.1) unstable; urgency=low * Non-maintainer upload. * debian/rules: set PACKAGE variable. (Closes: #655794) * Remove debian/README.source (no longer uses dpatch). -- Ansgar Burchardt Sat, 21 Jan 2012 12:02:49 +0100 drupal7 (7.10-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (closes: #652544) * debian/* - Switch to source format 3.0 (quilt) -- Luigi Gangitano Mon, 26 Dec 2011 17:48:10 +0100 drupal7 (7.9-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (Closes: #647168) * debian/{cron.sh,README.Debian,etc/settings.php} - Added secret key in cron job (Closes: 639387) (thanks to Christoph Schindler) -- Luigi Gangitano Wed, 02 Nov 2011 18:48:16 +0100 drupal7 (7.8-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (Closes: #640078) * debian/docs - Removed duplicate CHANGELOG entry * debian/rules - Added missing targets binary-arch build-arch build-indep -- Luigi Gangitano Sun, 04 Sep 2011 21:22:24 +0200 drupal7 (7.6-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes access bypass in private file fields and comments (Ref: SA-CORE-2011-003, CVE-TBA) -- Luigi Gangitano Thu, 28 Jul 2011 02:17:32 +0200 drupal7 (7.4-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release (Closes: #633385) * debian/control - Bumped Standard-Version to 3.9.2.0, no change needed * debian/drupal7.{config,install,postinst,postrm} - Renamed apache.conf to apache2.conf (Closes: #632925) -- Luigi Gangitano Wed, 13 Jul 2011 16:15:35 +0200 drupal7 (7.2-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release * debian/patches/30_DFSG-sources - Added uncompressed sources of javascript files * debian/control - Removed article from start of description -- Luigi Gangitano Mon, 20 Jun 2011 02:05:42 +0200 drupal7 (7.0-2) unstable; urgency=low * debian/copyright - Added copyright notices for include JQuery libraries -- Luigi Gangitano Sun, 15 May 2011 23:55:24 +0200 drupal7 (7.0-1) unstable; urgency=low * New upstream release [ Luigi Gangitano ] * debian/etc/settings.php - Updated default configuration file * debian/drupal.{dirs,links,install,postinst,postrm} - Removed automatic link from apache2 configuration file * debian/README.Debian - Added instructions on how to enable drupal in Apache2 * debian/{drupal7.postinst,docs,dbconfig.template} - Generate database configuration from template [ Kinga Marjai ] * debian/control - Removed dependency on exim4, now depends on default-mda - Bumped Standard-Version to 3.9.1, no change needed * debian/drupal6.postrm - Made postrm check for restart.sh in case dependencies were not properly installed (thanks to Bhavani Shankar.R, from Ubuntu) * debian/cron.sh - Added --fail option to curl to work around missing base_url in configuration files * debian/cron.d - Fixed conditional to avoid warnings on removed package -- Luigi Gangitano Sat, 05 Mar 2011 17:43:23 +0100 drupal7 (7.0~alpha2-1) UNRELEASED; urgency=low [ Luigi Gangitano ] * New upstream branch 7.0 * debian/* - Rename file and directories from 6 to 7 - In debian/control switch to Source: drupal7 * debian/etc/settings.php - Updated default configuration file [ Kinga Marjai ] * debian/rules - Don't set debconf version dependency -- Luigi Gangitano Tue, 3 Mar 2010 22:59:34 +0100 drupal6 (6.15-2) UNRELEASED; urgency=low [ Alexandre De Dommelin ] * Added patch to remove warnings about Drupal core updates (Closes: #521288) * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed) -- Luigi Gangitano Wed, 10 Feb 2010 17:11:35 +0100 drupal6 (6.15-1) unstable; urgency=low * New upstream release (Closes: #561726) - Fixes several XSS vulnerabilities (Closes: #562165) (Ref: SA-CORE-2009-009, CVE-2009-4369, CVE-2009-4370, CVE-2009-4371) * debian/rules - Use dh_prep instead of dh_clean -k * debian/control - Upgraded versioned dependency on debhelper to 7 * debian/README.source - Added directions on source handling -- Luigi Gangitano Mon, 11 Jan 2010 19:47:13 +0100 drupal6 (6.14-1) unstable; urgency=low * New upstream release - Removed security patches integrate upstream + 20_SA-CORE-2009-007 - Fixes multiple vulnerabilities (Ref: SA-CORE-2009-008) (Closes: #547140) * debian/control - Bumped Standard-Version to 3.8.3, no change needed * debian/compat - Switch debhelper compatibility to 7 * debian/copyright - Added reference to copyright file with version -- Luigi Gangitano Sun, 20 Sep 2009 04:57:57 +0200 drupal6 (6.13-1) UNRELEASED; urgency=low * New upstream release -- Luigi Gangitano Mon, 13 Jul 2009 19:42:38 +0200 drupal6 (6.12-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Apply upstream patch to fix: - XSS in the forum module - Input format access bypass via signatures - Password leakage via URLs (no CVE id yet; SA-CORE-2009-007; Closes: #535435). -- Nico Golde Mon, 06 Jul 2009 20:27:45 +0200 drupal6 (6.12-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (Closes: #529309) (Acknoledges NMU by Security Team) (Closes: #531386) - Removed security patch integrate upstream + 20_xss * debian/{control,rules,links} - Removed dependency on libjs-jquery and use jquery.js from drupal sources to avoid conflict with newer version of jquery (Closes: #530779) -- Luigi Gangitano Tue, 02 Jun 2009 18:25:58 +0200 drupal6 (6.11-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix several XSS issues (SA-CORE-2009-006; Closes: #529190). -- Nico Golde Thu, 28 May 2009 20:45:35 +0200 drupal6 (6.11-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release - Fixes XSS vulnerability (Ref: SA-CORE-2009-005, CVE-2009-1575, CVE-2009-1576) (Closes: #526378) -- Luigi Gangitano Mon, 04 May 2009 19:56:12 +0200 drupal6 (6.10-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release - This version fixes two Windows-only security issues (Ref: SA-CORE-2009-003, SA-CORE-2009-004) Debian is not affected by this vulnerabilites -- Luigi Gangitano Sun, 01 Mar 2009 18:26:25 +0100 drupal6 (6.9-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release - Removed security patch integrate upstream + 12_SA-2008-073 + 13_SA-CORE-2009-001 * debian/cron.sh - Handle sites/all correctly (Closes: #513522) -- Luigi Gangitano Mon, 16 Feb 2009 19:37:31 +0100 drupal6 (6.6-3) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * debian/patches/13_SA-CORE-2009-001 - Added upstream patch fixing multiple vulnerabilities (Ref: SA-CORE-2009-001, CVE-TBD) -- Luigi Gangitano Fri, 16 Jan 2009 01:49:58 +0100 drupal6 (6.6-2) unstable; urgency=high * debian/patches/12_SA-2008-073 - Moved NMU changes to dpatch file * debian/control - Added dependency on ${misc:Depends} to make lintian happy * debian/drupal6.{postinst,postrm} - Changed apache configuration link name to drupal6.conf, to avoid collision with drupal5 (Closes: #509769, #505146) - Set default Postgres encoding to UTF8 (Closes: #508506) * debian/README.Debian - Fixed link to installation script (Closes: 507914) -- Luigi Gangitano Thu, 08 Jan 2009 20:49:51 +0100 drupal6 (6.6-1.1) unstable; urgency=high * Non-maintainer upload. * Urgency high because this fixes a security issue * Include upstream patch for SA-2008-073, to fix a security issue: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database. (Ref: SA-2008-073, CVE-2008-6170, CVE-2008-6532, CVE-2008-6533) (Closes: #508473) -- Patrick Schoenfeld Fri, 12 Dec 2008 09:30:28 +0100 drupal6 (6.6-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes two security vulnerabilities (Ref: SA-2008-067, CVE-TBA) (Closes: #503222) * debian/drual6.postrm - Fixed missing -e option to make lintian happy * debian/patches/10_cronjob.dpatch - Added patch descritpion to make lintian happy * debian/control - Bumped Standard-Version to 3.8.0, no change needed * debian/{control,rules,links} - Added dependency on libjs-jquery and use jquery.js from it -- Luigi Gangitano Fri, 24 Oct 2008 23:06:15 +0200 drupal6 (6.5-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release - Removed security patch integrate upstream + 11-SA-2008-060 -- Luigi Gangitano Mon, 20 Oct 2008 23:59:27 +0200 drupal6 (6.4-2) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * debian/patches/11-SA-2008-060 - Added upstream patch fixing several security vulnerabilities (Ref: SA-2008-060, CVE-TBA) (Closes: #501640) * debian/README.Debian - Added a notice about cookie security and session.cookie_secure configuration (Ref: CVE-2008-3661) (Closes: #501058) -- Luigi Gangitano Fri, 14 Oct 2008 15:47:20 +0200 drupal6 (6.4-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release - Fixes several XSS vulnerabilities (Ref: SA-2008-047, CVE-TBD) -- Luigi Gangitano Fri, 15 Aug 2008 01:35:59 +0200 drupal6 (6.3-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (Closes: 465833) * debian/links - Changed files directory link to match new upstream configuration * debian/README.Debian - Fixed references to database population script and added instructions to enable apache2 mod_rewrite. -- Luigi Gangitano Mon, 11 Aug 2008 19:16:04 +0200 drupal6 (6.0-1) UNRELEASED; urgency=low [ Luigi Gangitano ] * New upstream branch 6.0 * debian/* - Rename file and directories from 5 to 6 - In debian/control switch to Source: drupal6 -- Luigi Gangitano Mon, 11 Aug 2008 12:00:12 +0100 drupal5 (5.7-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release - Fixes several non-security related bugs (Closes: #464876) * debian/po/hu.po - Updated Hungarian debconf templates translation (Thanks to Miklos Lukacs) (Closes: #459378) * debian/cron.sh - Fixed cron script for multisite setup (thanks to Fernando Lucas Rodriguez) (Closes: #464599) * debian/watch - Removed unused 'uupdate' token -- Luigi Gangitano Tue, 12 Feb 2008 11:40:29 +0100 drupal5 (5.6-2) unstable; urgency=low [ Luigi Gangitano ] * debian/cron.d - Fix typo in cron script that makes it running every minutes, set it to one hour (Closes: #456182) -- Luigi Gangitano Sat, 26 Jan 2008 20:51:39 +0100 drupal5 (5.6-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes Cross site request forgery in Aggregator module (Ref: SA-2008-005, CVE-TBA) - Fixes Cross site scripting vulnerability with IE6 and user submitted UTF8 input (Ref: SA-2008-006, CVE-TBA) * debian/cron.d - Run cron script every hour and not every 5 minutes (Closes: #456182) * debian/rules - Removed binary-arch section, moved all actions to binary-indep * debian/control - Swapped httpd | apache2 order to comply with policy - Bumped Standard-Version to 3.7.3, no change needed -- Luigi Gangitano Fri, 11 Jan 2008 15:02:09 +0100 drupal5 (5.5-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes SQL Injection vulnerability in contributed modules (Ref: DRUPAL-SA-2007-031, CVE-2007-6299) * debian/cron.sh - Added check of BASE_URL in baseurl.php (Closes: #448774) -- Luigi Gangitano Fri, 07 Dec 2007 21:29:18 +0100 drupal5 (5.3-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes several security vulnerabilities + DRUPAL-SA-2007-024 (Ref: CVE-2007-5595) + DRUPAL-SA-2007-025 (Ref: CVE-2007-5593) + DRUPAL-SA-2007-026 (Ref: CVE-2007-5596) + DRUPAL-SA-2007-029 (Ref: CVE-2007-5594) + DRUPAL-SA-2007-030 (Ref: CVE-2007-5597) -- Luigi Gangitano Sat, 20 Oct 2007 09:52:38 +0200 drupal5 (5.2-3) unstable; urgency=low * debian/drupal5.install - Install default robots.txt (Closes: #440291) * debian/control - Changed Recommends to postgresql -- Luigi Gangitano Thu, 23 Aug 2007 15:44:15 +0200 drupal5 (5.2-2) unstable; urgency=low * debian/README.Debian - Fixed references to configuration directory * debian/etc/settings.php - Apply fixes from upstream version (Closes: #435433) -- Luigi Gangitano Fri, 27 Jul 2007 02:12:20 +0200 drupal5 (5.2-1) unstable; urgency=high [ Luigi Gangitano ] * Urgency high due to security fixes * New upstream release - Fixes XSS in server variables (Ref: DRUPAL-SA-2007-018, CVE: TBD) - Fixes XSRF in Forms API (Ref: DRUPAL-SA-2007-017, CVE: TBD) * debian/copyright - Fixed FSF address to make lintian happy * debian/control - Removed dependencies on php4 - Updated httpd real package dependency to apache2 - Changed Build-Depend-Indep to Build-Depend (policy 7.6) -- Luigi Gangitano Fri, 27 Jul 2007 01:48:04 +0200 drupal5 (5.1-3) unstable; urgency=low [ Luigi Gangitano ] * debian/control - Removed dependencies on 8.1 version of postgresql packages - Fixed typo in postgresql-server package (Closes: #429229) -- Luigi Gangitano Wed, 29 Jun 2007 21:39:33 +0200 drupal5 (5.1-2) unstable; urgency=low [ Luigi Gangitano ] - debian/control * Added Xs-Vcs-{Svn,Browser} tags - debian/README.Debian * Added istructions on Postgres database install and PHP memory limit (Closes: #427001) [ Bart Cornelis (cobaco) ] - New Norwegian Bokmael translation by Hans Fredrik Nordhaug -- Luigi Gangitano Tue, 13 Mar 2007 00:21:14 +0100 drupal5 (5.1-1) unstable; urgency=low [ Luigi Gangitano ] * New upstream release (Closes: #409522) * debian/{links,drupal5.install,cron.d,etc/apache.conf} - Applied patch from Karl-Heinz Nirschl fixing paths [ Bart Cornelis ] Translations * Updated Dutch translation by Bart Cornelis * Updated Japanese translation by Hideki Yamane * Updated German translation by Helge Kreutzmann (Closes: #413891) * Updated Portuguese translation by Miguel Figueiredo (Closes: #413905) * New Swedisch Translation by Daniel Nylander * New Tamil translation by Tirumurti Vasudevan (Closes: #413824) * New Czech translation by Miroslav Kure (Closes: #413798) * New Russion translation by Yuriy Talakan (Closes: #414063) * New Basque translation by Piarres Beobide (Closes: #413966) * New Galician translation by Jacobo Tarrio (Closes: #413764) -- Luigi Gangitano Sat, 10 Mar 2007 20:04:24 +0100 drupal5 (5.0-1) UNRELEASED; urgency=low * (NOT RELEASED YET) New upstream release * debian/* - Rename file and directories from 4.7 to 5 - In debian/control switch to Source: drupal5 - Add watch file * debian/control - Removed Suggests on ssl enabled packages - Removed dependencies on apache and added dependency on httpd | apache - Added dependency on php4-gd | php5-gd * debian/{rules,drupal5.install} - Removed reference to not-existing directory 'database' * debian/patches/10_cronjob.dpatch - Updated patch to new cron script -- Luigi Gangitano Fri, 26 Jan 2007 20:04:24 +0100 drupal (4.7.5-2) UNRELEASED; urgency=low [ Luigi Gangitano ] * NOT RELEASED YET * debian/control - Bumped Standards-Version to 3.7.2 (no change needed) - Removed dependency on postgsql-{client,server}-8.0 which is not in the archive anymore * Translations - Updated Dutch translations by Bart Cornelis -- Bart Cornelis (cobaco) Tue, 23 Jan 2007 11:50:45 +0100 drupal (4.7.5-1) unstable; urgency=low * New upstream release - Fixes Denial of Service (DRUPAL-SA-2007-002) - Fixes CSS Vulnerability (DRUPAL-SA-2007-001) -- Luigi Gangitano Sun, 7 Jan 2007 00:33:33 +0100 drupal (4.7.4-3) unstable; urgency=low * debian/po/fr.po - Updated French debconf templates translation (Thanks to Thomas Huriaux) (Closes: #404967) * debian/control - Add php5 dependency (Closes: #405162) -- Luigi Gangitano Sun, 7 Jan 2007 00:13:36 +0100 drupal (4.7.4-2) unstable; urgency=low * debian/control - Fixed dependency on postgresql-client - Removed dependency on makepasswd (not needed since we use dbconfig.common) - Removed dependency on php4-cli (not needed with new cron script) - Promote Recommends: php4 to Depends: php4 * debian/etc/settings.php - Fix warning if baseurl.php does not exists * debian/copyright - Fixed copyright information as requested by ftp-master -- Luigi Gangitano Tue, 5 Dec 2006 15:37:25 +0100 drupal (4.7.4-1) unstable; urgency=low * Prepare package for new inclusion in Debian - Thanks to Karl-Heinz Nirschl for keeping this package in his repository and allowing me to start from his work - Change (binary) package name to drupal-4.7 allowing for multiple version to be installed concurrently, so admins can control upgrade between releases - Add dependency on dbconfig-common and switch custom config script to use functions provided by dbconfig-common (Closes: #366692) - Removed unused templates - Added dependency on curl for cron script execution - Take over removal request (Closes: #375496) - Update to latest revision (Closes: #307821, #365047, #365709) -- Luigi Gangitano Thu, 23 Nov 2006 21:53:19 +0100 drupal (4.7.4-0brainlog1) unstable; urgency=low * new upstream release because patches do not apply cleanly * fixes: DRUPAL-SA-2006-024, DRUPAL-SA-2006-025, DRUPAL-SA-2006-026 -- Karl-Heinz Nirschl Fri, 20 Oct 2006 19:26:16 +0200 drupal (4.7.2-0brainlog4) unstable; urgency=low * add security fix DRUPAL-SA-2006-011 XSS Vulnerability in user module * move scripts dir to doc -- Karl-Heinz Nirschl Thu, 3 Aug 2006 19:46:57 +0200 drupal (4.7.2-0brainlog3) unstable; urgency=low * fix initial database generation - now checks for mysql version -- Karl-Heinz Nirschl Sat, 8 Jul 2006 13:13:12 +0200 drupal (4.7.2-0brainlog2) unstable; urgency=low * Using a fresh tarball and no .svn files. * Fix x. permissions. * Use debian mysql maint password for mysql install -- Tzafrir Cohen Fri, 7 Jul 2006 15:59:41 +0300 drupal (4.7.2-0brainlog1) unstable; urgency=low * new upstream release * add patch handling to package - make cron job less verbose -- Karl-Heinz Nirschl Fri, 16 Jun 2006 17:13:50 +0200 drupal (4.7.1-0brainlog1) unstable; urgency=low * new upstream version -- Karl-Heinz Nirschl Mon, 29 May 2006 14:01:48 +0200 drupal (4.6.5-0brainlog1) unstable; urgency=low * update to drupal 4.6.5 (new upstream) -- Karl-Heinz Nirschl Mon, 29 May 2006 13:58:55 +0200 drupal (4.6.3-0brainlog1) unstable; urgency=low * New upstream version (Closes: #307821) * based on the drupal 4.5.2-4 debian package * remove the auto update database stuff * added debconf entry for the base_url -- Karl-Heinz Nirschl Thu, 29 Sep 2005 19:10:17 +0200 drupal (4.5.2-4) unstable; urgency=low * [Miguel Figueiredo ] Added Portuguese translation (Closes: #301394) * [Valentina Commissari ] Added Italian translation (Closes: #301946) * [Gleydson Mazioli da Silva ] Updated Brazilian Portuguese translation. * Fixed typo in package description (Closes: #306997) -- Hilko Bengen Thu, 19 May 2005 21:23:27 +0200 drupal (4.5.2-3) unstable; urgency=high * Fixes "Bypass access via comments" problem mentioned in http://drupal.org/node/19009. Patch from Gerhard Killesreiter, thanks. I consider this a critical bug, hence urgency=high. * [Sergio Talens-Oliag ] Updated Spanish and Catalan Debconf translations and converted them to UTF-8. -- Hilko Bengen Tue, 22 Mar 2005 11:14:36 +0100 drupal (4.5.2-2) unstable; urgency=low * Changed includes/bootstrap.inc: conf.php (or $site.php) is loaded from /etc/drupal directly, without the need for any link. * Removed indentations from sed script which is used to edit the configuration file. * Rolled back session.inc to version found in 4.5.1; fixes bug documented in http://drupal.org/node/15666 * Added documentation about manual update procedure in README.Debian and Debconf templates (Closes: #293804) * Added documentation about adding modules and themes that are not part of the package. * NEWS.Debian mentions where to get Marvin and UnConeD themes that used to be part of the Drupal distribution. -- Hilko Bengen Tue, 15 Mar 2005 15:16:26 +0100 drupal (4.5.2-1) unstable; urgency=low * New upstream version (Closes: #290745; That was fast, wasn't it?) * Updates Japanese Debconf template, thanks to Hideki Yamane (Closes: #290439) * The config file /etc/drupal/conf.php is only generated if it hasn't existed. It is no longer edited. -- Hilko Bengen Sun, 16 Jan 2005 14:49:50 +0100 drupal (4.5.1-2) unstable; urgency=low * /etc/drupal/conf.php is no longer a conffile (Closes: #289624) * Should install with mysql-client-4.1 now (Closes: #285733) -- Hilko Bengen Wed, 12 Jan 2005 02:16:28 +0100 drupal (4.5.1-1) unstable; urgency=low * New upstream version (Closes: #277547, #289216, #278345) * Marvin and UnConeD have been split off into separate packages, as they are not officially supported by upstream any longer. * Added Japanese Debconf template (Closes: #288040) -- Hilko Bengen Sun, 9 Jan 2005 04:21:03 +0100 drupal (4.4.2-2) unstable; urgency=low * Bump version dependency to 0.0.37 where better support for PostgreSQL is included (Closes: 263730) * Another patch to node.module for DB-independennce (Closes: 258015) -- Hilko Bengen Wed, 18 Aug 2004 00:39:58 +0200 drupal (4.4.2-1) unstable; urgency=low * New upstream bugfix release - PostgreSQL support fixed in node.module (Closes: #258015, #258016) * Fixed sed statement in postinst so it will work with woody's sed. (Closes: #257529) * Depends: sharutils (Closes: #258156) * Cron script checks whether /usr/share/drupal/scripts/cron.sh exists and is executable (Closes: #251853) -- Hilko Bengen Tue, 20 Jul 2004 00:03:06 +0200 drupal (4.4.1-3) unstable; urgency=low * Included Marvin and Unconed themes from contrib (Closes: #255039) -- Hilko Bengen Mon, 28 Jun 2004 14:34:40 +0200 drupal (4.4.1-2) unstable; urgency=high * Applied admin_node.patch from against the "Invalid argument supplied for foreach() in /usr/share/drupal/modules/node.module" error (Closes: #242992) * Fixed removal of links in webserver directories * Shut up cron.sh (Closes: #251853) * Install misc/ directory (images and css) (Closes: #253550) * Fixed PostgreSQL removal, added some docs (Closes: #253282) -- Hilko Bengen Thu, 10 Jun 2004 16:06:47 +0200 drupal (4.4.1-1) unstable; urgency=low * New upstream version (Closes: #246307) * Added to cron.d (Closes: #242199) * Create language in database/database.pgsql (Closes: #242572) * Fixed dependencies (Closes: #242622): - Depends on php4-cgi (since it's used by maintainer scripts) - Recommends: php4 | libapache2-mod-php4 (After all, one _can_ run Drupal with a PHP-CGI setup * Fixed generation of links in webserver directories (Closes: #249488) * Out-of-the-box support for multiple sites (Closes: #246009) * Put themes directory under /usr/share/drupal. Themes are no longer handled as conffiles. * Fixed path to database.mysql in README.Debian (Closes: #246414) -- Hilko Bengen Tue, 25 May 2004 10:12:34 +0200 drupal (4.3.2-3) unstable; urgency=low * Rewrote README.Debian, copying substantial parts from the INSTALL file (Closes: #240505) * Re-added a (commented-out) directive for restricting access to admin.php to htaccess file -- Hilko Bengen Sun, 28 Mar 2004 17:38:11 +0200 drupal (4.3.2-2) unstable; urgency=low * [Bart Cornelis ] Added Dutch debconf translation (Closes: #232230) * [Sergio Talens-Oliag ] Added Spanish and Catalan debconf translations (Closes: #235018 * [Gleydson Mazioli da Silva ] Added Brazilian Portugese debconf translation (Closes: #185829) * [Christian Perrier ] Added French debconf translation (Closes: #200722) * Added German debconf translation -- Hilko Bengen Tue, 16 Mar 2004 00:43:55 +0100 drupal (4.3.2-1) unstable; urgency=low * New maintainer (Closes: #227771) * New upstream release (Closes: #204241, #220066) - Test shows that kuro5hin RSS feed can be imported just fine (Closes: #184252) - The encoding bug in ping.module appears to have been fixed (Closes: #215643) * Revamped installation and automatic upgrade procedure - Update sets password in config.php _and_ database (Closes: #193545) - It's possible to install the package without performing any database setup at all (Closes: #201202) * Fixed /etc/drupal/apache.conf (Closes: #219143) * Basic PostgreSQL support -- user and database are created (Closes: #186563) * Should work with apache2 (Closes: #235912) -- Hilko Bengen Thu, 11 Mar 2004 17:30:11 +0100 drupal (4.1.0-10) unstable; urgency=low * Maintainer field set to QA Group * New Brazilian Portuguese debconf template translation, provided by Andre Luis Lopes . Closes: #228109 -- Emanuele Rocca Sun, 1 Feb 2004 20:35:04 +0100 drupal (4.1.0-9.1) unstable; urgency=low * NMU * French debconf templates translation. Closes: #200722 * Correction to english templates for (I guess) better english and formulations. Closes: #186566 * Brazilian portuguese debconf tempaltes translation. Closes: #185829 -- Christian Perrier Tue, 16 Sep 2003 08:55:38 +0200 drupal (4.1.0-9) unstable; urgency=low * Two corrections in postinst to allow manually setting up the DB on upgrade. -- Hugo Espuny Wed, 19 Mar 2003 22:02:50 +0100 drupal (4.1.0-8) unstable; urgency=low * Added patch from drupal.org (Closes: #185217) * Minor typo on apache.conf * Now htaccess is set up dynamically. * Example of restricted admin.php is now at htaccess * Debconf now does not repeat questions after preconfiguring. -- Hugo Espuny Wed, 19 Mar 2003 20:09:45 +0100 drupal (4.1.0-7) unstable; urgency=high * Added securing point to README.Debian * Alias directive on /etc/drupal/apache.conf now is changed dynamically according with debconf question. -- Hugo Espuny Fri, 14 Mar 2003 20:33:29 +0100 drupal (4.1.0-6) unstable; urgency=high * Corrected postrm problem whe downgrading to certain versions. -- Hugo Espuny Fri, 14 Mar 2003 19:38:15 +0100 drupal (4.1.0-5) unstable; urgency=low * Corrected mv themes order in rules file. -- Hugo Espuny Fri, 14 Mar 2003 19:22:12 +0100 drupal (4.1.0-4) unstable; urgency=low * Corrected themes moving engine. (Closes: #184752) * Themes are now configfiles (since 4.1.0-2). I forgot to say... -- Hugo Espuny Fri, 14 Mar 2003 17:30:45 +0100 drupal (4.1.0-3) unstable; urgency=low * Updated to policy version 3.5.9 -- Hugo Espuny Fri, 14 Mar 2003 00:28:18 +0100 drupal (4.1.0-2) unstable; urgency=low * Corrected directive "AllowOverride None" to "AllowOverride All" in /etc/drupal/apache.conf. (Closes: #184183) * Corrected directive to in /etc/drupal/apache.conf. * Corrected cron file, postinst and templates. Now debconf asks for the whole URL, not only TCP port. (Closes: #184182) (Closes: #184182) Thanks to John Goerzen to point me those. * News feed now works properly. (Closes: #184252) (Closes: #184253) -- Hugo Espuny Wed, 12 Mar 2003 18:25:35 +0100 drupal (4.1.0-1) unstable; urgency=high * New upstream version (Closes: #178506) (Closes: #173107) * Moved to use po-debconf. * Fixed README.Debian (Closes: #173103) (Closes: #184111) -- Hugo Espuny Fri, 7 Mar 2003 21:09:02 +0100 drupal (4.0-4) unstable; urgency=low * Corrected a bug on cron.d file. -- Hugo Espuny Wed, 11 Dec 2002 22:39:16 +0100 drupal (4.0-3) unstable; urgency=low * Corrected /etc/cron.d/drupal (thanx to Paul van Tilburg ). (Closes: #172153) * Corrected link in README.Debian. (Closes: #169949) * Changed priority to extra. * postrm now executes an abort install properly. * Updated policy standars to 3.5.8 -- Hugo Espuny Tue, 10 Dec 2002 00:38:36 +0100 drupal (4.0-2) unstable; urgency=low * Minor typo correction in templates file. * Minor bug correction about webserver port in postinst. * Added versioned dependency on wget to support HTTPS * Moved update.php to /usr/share/doc/drupal/upgrades -- Hugo Espuny Wed, 30 Oct 2002 16:54:06 +0100 drupal (4.0-1) unstable; urgency=low * New debian package. (Closes: #164676) * Code taken from phpnuke package. -- Hugo Espuny Tue, 29 Oct 2002 21:21:26 +0100