elog (3.1.3-1-1) unstable; urgency=medium

  * new upstream version grabbed
  * debian/
    - updated debian/source/lintian-overrides to fix lintian report
    - updated debian/rules to apply hardening flags correctly
    - updated Standards-version to 4.0.0 (debian/control)
    - updated debian/patches/* to work with new upstream version
    - removed 0002_html_doc.patch because fixed in upstream

 -- Roger Kalt  Sun, 11 Jun 2017 22:04:06 +0200

elog (3.1.2-1-1) unstable; urgency=low

  * new upstream version grabbed, (Closes: #836505, CVE-2016-6342)
  * update debian/rules
    - allow reproducible builds (Closes: #816209)
    - enable all hardening build flags
  * update debian/source/lintian-overrides for contrib/elogsubmit.js
    insane-line-length-in-source-file, removed unused overrides
  * update Standards-Version to 3.9.8 (debian/control)

 -- Roger Kalt  Tue, 06 Sep 2016 20:00:00 +0100

elog (3.1.1-1-1) unstable; urgency=low

  * new upstream version grabbed
  * debian/patches:
    - update 0004_Makefile.patch to fix file permission in themes
    - update 0005_ReproducibleBuilds.patch for new upstream version
  * debian/copyright updated for new CKEditor version config file
  * debian/source/lintian-overrides updated

 -- Roger Kalt  Thu, 05 Nov 2015 22:00:00 +0100

elog (3.1.0-2-1) unstable; urgency=low

  * new upstream version grabbed
  * debian/control:
    - libjs-jquery is required
    - fckeditor is no longer suggested but now ckeditor is recommended
  * debian/patches:
    - correct 0004_Makefile.patch so that KRB5 auth is enabled in elogd
    - add 0005_ReproducibleBuilds.patch to allow reproducible builds
  * debian/postinst:
    - add pathfind shell function proposed in Debian's Developer's Reference
  * debian/prerm:
    - add pathfind shell function proposed in Debian's Developer's Reference

 -- Roger Kalt  Thu, 7 May 2015 20:00:00 +0100

elog (2.9.2+2014.05.11git44800a7-2) unstable; urgency=low

  * debian/control:
    - fckeditor is no longer required but only suggested
    - Standards-Version to 3.9.6

 -- Roger Kalt  Thu, 23 Oct 2014 20:00:00 +0200

elog (2.9.2+2014.05.11git44800a7-1) unstable; urgency=low

  * Reintroduction into Debian (Closes: #748800)
  * New upstream release grabbed from git repository
  * KRB5 Kerberos authentication and SSL are enabled in the Debian binaries

 -- Roger Kalt  Sun, 11 May 2014 19:49:51 +0200

elog (2.6.3+r1764-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix bashism in postinst script (Closes: #472224)
  * debian/control:
    - Bump Standards-Version to 3.7.3.
    - Use Homepage: field for upstream URL.

 -- Chris Lamb  Sat, 12 Apr 2008 04:28:55 +0100

elog (2.6.3+r1764-1) unstable; urgency=low

  * New upstream release grabbed from Subversion (r1764).

 -- Recai Oktaş  Wed, 29 Nov 2006 01:36:26 +0200

elog (2.6.2+r1754-1) unstable; urgency=low

  * New upstream release grabbed from Subversion (r1754), includes fixes for
    a bunch of security issues[1]:
    + Fixes from Ulf Harnhammar (Debian Security Audit Project):
      - There is some incorrect handling of *printf() calls and format
        strings. They lead to ELOG crashing completely, with the potential
        of executing arbitrary machine code programs, when a user uploads
        and submits as the first attachment in an entry a file called
        "%n%n%n%n" - or similar - which must not be empty.
      - There is a Cross-site Scripting issue when requesting correctly
        named but non-existent files for downloading.
      - There are also Cross-site Scripting issues when creating new entries
        with New. If a document sends data to ELOG where the fields Type and
        Category contain invalid entries with HTML code, the resulting error
        document will print the Type or Category data as-is with no quoting.
    + Fixes from OS2A team (credits go to Jayesh KS and Arun Kethipelly):
      - Remote exploitation of a denial of service vulnerability in ELOG's
        elogd server allows attackers to crash the service, thereby
        preventing legitimate access. (Closes: #397875)

  [1] Leaving #392016 open for the reasons stated in that report.

 -- Recai Oktaş  Sat, 11 Nov 2006 19:47:39 +0200

elog (2.6.2+r1719-1) unstable; urgency=critical

  * Urgency set to critical because of the security issues.
  * New upstream release grabbed from Subversion (r1719).
    + Fix an XSS vulnerability, which occurs when editing a log entry in
      HTML mode. (Closes: #389361)

 -- Recai Oktaş  Thu, 28 Sep 2006 01:36:38 +0300

elog (2.6.1+r1695-0unofficial) unstable; urgency=low

  * Improve README.Debian, (thanks K. David Prince).
  * New upstream release.

 -- Recai Oktaş  Thu, 6 Jul 2006 14:54:48 +0300

elog (2.6.1+r1642-1) unstable; urgency=critical

  * New upstream release grabbed from Subversion (r1642).
    + Really fix the security issue CVE-2005-4439.
  * Sigh! Previous upload has some flaws:
    + Install elcode.js and other resource files. ElCode editor buttons
      should work now (thanks K. David Prince).
    + debian/update: Modify it to catch such sort of errors.
    + Really remove debian/watch.
    + Fix the pbuilder DEBEMAIL field which made the previous upload appear
      as an NMU.
  * Add a Debian specific note about the usage of password files in Elog.
  * Urgency set to critical for security fix.

 -- Recai Oktaş  Fri, 27 Jan 2006 10:27:44 +0200

elog (2.6.1+r1638-1) unstable; urgency=critical

  * New upstream release grabbed from Subversion (r1638). Fix serious
    security bugs (thanks to Florian Weimer). (Closes: #349528)
    + "Do not distinguish between invalid user name and invalid password for
      security reasons"
    + "Fixed infinite redirection with ?fail=1"
    + "Prohibit '..' in URLs" [CVE-2006-0347]
    + "Fixed potential buffer overflows" [CVE-2005-4439]
    + "Added IP address to log file"
  * Urgency set to critical because of the security issues.
  * Upstream code has been migrated to Subversion. Change package naming
    scheme so as to track Subversion releases, instead of CVS.
  * Use Subversion exports as pristine sources directly. In the older
    versions, we used to rely on the upstream's build script.
  * debian/postrm: Purge cleanly even if no logbook has been created. This
    situation occurs, for example, when elog is tested with piuparts. It's
    because, in fact, elogd can not dynamically create logbooks/demo in
    postinst stage. (Closes: #339958)
  * debian/control: Bump Standards-Version to 3.6.2.
  * debian/rules: Add -lutil to LIBS.
  * debian/update: New utility for easy updates.
  * debian/watch: Remove unneeded file.

 -- Recai Oktaş  Thu, 26 Jan 2006 21:45:44 +0200

elog (2.6.0beta2+r1716-1) unstable; urgency=low

  * New upstream beta release with the latest changes from CVS (r1.1716).
    + Features a simple markup called ELCode, a special set of tags to
      format an ELOG entry. The ELCode tags are similar to the BBCode tags
      (phpBB), sometimes also referred to as vB code.
  * Add Turkish ELOG translation.
  * Apply a patch to suppress GCC4-related signedness warnings.
  * debian/control:
    + Bump Standards-Version to 3.6.2.
    + Rewrite description; needs a proof-read by a native English speaker.
  * debian/copyright: Clarify the copyright.
  * debian/rules:
    + Switch to debhelper compat 4.
    + Get rid of multiple dh_installs by using an '.install' file.
    + Remove the redundant INSTALL_PROGRAM logic.
    [These issues were pointed out by Marc 'HE' Brockschmidt; thanks Marc!]

 -- Recai Oktaş  Mon, 25 Jul 2005 13:36:09 +0300

elog (2.5.9+r1674-1) unstable; urgency=high

  * Latest upstream from CVS (r1.674).
    + Includes the fix for a buffer overflow: r1.648.
    + See CVS logs for all changes:
      http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Urgency set to high because of the security issue.
  * Remove redundant debian/dirs file.

 -- Recai Oktaş  Sun, 29 May 2005 19:53:50 +0300

elog (2.5.9+r1646-1) unstable; urgency=high

  * New upstream release with the latest changes from CVS (r1.646).
    + Includes the fix for a possible buffer overflow.
    + See CVS logs for all changes:
      http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Urgency set to high because of the security issue.

 -- Recai Oktaş  Wed, 4 May 2005 11:46:43 +0300

elog (2.5.8+r1637-1) unstable; urgency=low

  * New upstream release with the latest changes from CVS (r1.637). See CVS
    logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Add a few contributed scripts and documents:
    + Script for thumbnails creation.
    + Document which explains the steps for securing ELOG using SSL and
      Apache.
  * Minor changes in description. This needs a proof-read.
  * Move example files in debian to debian/examples subdirectory.
  * debian/postinst: Fix welcome message.

 -- Recai Oktaş  Wed, 27 Apr 2005 09:40:12 +0300

elog (2.5.7+r1558-1) unstable; urgency=high

  * Latest upstream from CVS (r1.528):
    + Security update. Resolves the following issues:
      CAN-2005-0439: buffer overflow.
      CAN-2005-0440: authentication bypass to download sensitive data.
    + Fixes for a bunch of other bugs. (Closes: #294498)

 -- Recai Oktaş  Mon, 14 Feb 2005 18:36:39 +0200

elog (2.5.6+r1548-1) unstable; urgency=low

  * New upstream plus latest fixes from CVS (r1.526).

 -- Recai Oktaş  Wed, 26 Jan 2005 10:12:45 +0200

elog (2.5.5+r1526-1) unstable; urgency=medium

  * Latest upstream from CVS (r1.526). (Closes: #285832, #285834)
  * Update elogd(8) and elog(1) for the new options.
  * Minor doc fix for elogd.c.

 -- Recai Oktaş  Sun, 26 Dec 2004 16:37:10 +0200

elog (2.5.5+r1517-1) unstable; urgency=low

  * Latest upstream from CVS (r1.4517). See CVS logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Upstream Makefile didn't inherit the CFLAGS in debian/rules, apply a
    patch for the problem which will probably be included in the next
    upstream commits.
  * debian/postrm: Fix a potential bug.

 -- Recai Oktaş  Mon, 6 Dec 2004 01:08:29 +0200

elog (2.5.4+r1480-1) unstable; urgency=low

  * Latest upstream from CVS (r1.480). See CVS logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

 -- Recai Oktaş  Thu, 23 Sep 2004 04:19:22 +0300

elog (2.5.4+r1478-1) unstable; urgency=low

  * Latest upstream from CVS (r1.478). See CVS logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

 -- Recai Oktaş  Sun, 19 Sep 2004 15:07:05 +0300

elog (2.5.4+r1459-1) unstable; urgency=high

  * debian/rules: Fix the serious bug which assigns a string value to
    DEFAULT_PORT, instead of an integer. This stupid bug also gives an FTBFS
    on ia64 which helps me to notice it, my bad.
  * Urgency set to high because of the serious bug.
  * Grab the latest upstream from CVS (r1.459): Fix some memory leaks.
  * Reflect the grabbed version to upstream source name.
  * debian/postinst:
    + Use canonical code for daemon start, make sure to return true in an
      effort to make the installation more robust.
    + Remove some Bashism.
  * debian/prerm:
    + Use canonical code for daemon stop, make sure to return true.
    + Remove some Bashism.
  * debian/postrm: Return true when removing the init script.

 -- Recai Oktaş  Thu, 12 Aug 2004 01:46:53 +0300

elog (2.5.4-1) unstable; urgency=low

  * New upstream release (Closes: #258638). Some highlights:
    + Supports remote side logbook cloning.
    + Uses syslog for all messages when running as a daemon.
  * Apply the post 2.5.4 changes from CVS (r1.450).
  * Recode the maintainer name as UTF-8 in all relevant files.
  * debian/rules: Change CFLAGS to make use of the new CONFIG_PATH/CFGFILE.
  * debian/init.d:
    + Set per option variables instead of a single ARGS variable when
      sourcing /etc/default/elog.
    + Check pid file to report startup errors.
  * debian/README.Debian: Update for the new /etc/default/elog handling.
  * debian/control:
    + Rewrite description.
    + Bump Standards-Version to 3.6.1.
  * debian/watch: Change to version 2 style.

 -- Recai Oktaş  Sun, 08 Aug 2004 02:21:05 +0300

elog (2.5.1-1) unstable; urgency=low

  * New upstream release.
  * README.Debian: Improved.

 -- Recai Oktaş  Sat, 21 Feb 2004 01:42:52 +0200

elog (2.5.0-3) unstable; urgency=low

  * doc/contrib: New directory for contributed files.
  * doc/examples/elog-webnotes.conf: New example configuration.
  * debian/postinst: Remove some obsolete code.

 -- Recai Oktaş  Fri, 6 Feb 2004 21:13:48 +0200

elog (2.5.0-2) unstable; urgency=low

  * Cosmetic changes.

 -- Recai Oktaş  Sun, 1 Feb 2004 04:28:52 +0200

elog (2.5.0-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş  Thu, 29 Jan 2004 20:08:15 +0200

elog (2.4.1-1) unstable; urgency=low

  * New upstream release.
  * Cosmetic changes.

 -- Recai Oktaş  Tue, 27 Jan 2004 01:48:59 +0200

elog (2.3.9-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş  Thu, 17 Jul 2003 16:06:09 +0300

elog (2.3.8-1) unstable; urgency=low

  * New upstream release.
  * debian/postinst: Remove a temporary file creation using the new piping
    feature of 'elog'.

 -- Recai Oktaş  Sat, 7 Jun 2003 16:36:43 +0300

elog (2.3.7-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş  Thu, 15 May 2003 18:18:28 +0300

elog (2.3.6-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş  Fri, 25 Apr 2003 17:56:16 +0300

elog (2.3.5-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş  Wed, 9 Apr 2003 15:30:04 +0300

elog (2.3.4-1) unstable; urgency=low

  * New upstream release.
  * debian/prerm: New file.
  * debian/rules: Changed 'dh_installinit' call.
  * debian/postinst: Fixed -- daemon was not restarted after an upgrade.

 -- Recai Oktaş  Fri, 4 Apr 2003 02:30:55 +0300

elog (2.3.3-2) unstable; urgency=low

  * Fix documentation and upgrade notice to prevent confusions.

 -- Recai Oktaş  Mon, 17 Mar 2003 00:47:47 +0200

elog (2.3.3-1) unstable; urgency=low

  * New upstream release.
  * Compile with FHS compliant defaults.
  * Create user/group 'elog' to run under.
  * Update init script to utilize the compiled defaults.
  * Rewrite the install scripts to conform to upstream changes.
  * Improve free port search.
  * Remove '/etc/default/elog' (keep the support for it, though).
  * Remove 'dpkg-statoverride' support (which seems irrelevant).
  * Remove 'prerm' script.
  * Add new config examples.
  * Add a notice for upgrade.
  * Fix a few bugs in 'postrm'.

 -- Recai Oktaş  Sun, 16 Mar 2003 16:35:35 +0200

elog (2.3.1-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş  Fri, 21 Feb 2003 18:54:51 +0200

elog (2.3.0-1) unstable; urgency=low

  * New upstream.
  * Add doc-base entry for ELOG manual.
  * Submit a welcome message for the first time users.
  * Add support for 'dpkg-statoverride'.
  * Assign the logbooks to group 'elog' as sgid.
  * Automatically find a free port for daemon.
  * Massive rearrangements in scripts.

 -- Recai Oktaş  Sat, 8 Feb 2003 00:22:56 +0200

elog (2.2.5-1) unstable; urgency=low

  * Initial release.

 -- Recai Oktaş  Fri, 10 Jan 2003 02:04:10 +0200