phpbb3 (3.0.12-5+deb8u1) jessie; urgency=medium * Fix possible redirection on Chrome: an insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login) [CVE-2015-3880] -- David Prévot Tue, 12 May 2015 15:52:23 -0400 phpbb3 (3.0.12-5) unstable; urgency=medium * Fix authentication setup: another PHP 5.6 compatibility issue, the internal ldap_escape() function was recently added into PHP 5.6 as provided by php5-ldap, and thus need to be renamed. (Closes: #778553) * Fix avatar upload permissions * Fix image display in Apache (Closes: #778457) -- David Prévot Mon, 16 Feb 2015 13:51:53 -0400 phpbb3 (3.0.12-4) unstable; urgency=medium * Fix CSRF vulnerability [CVE-2015-1432] and CSS injection [CVE-2015-1431] (Closes: #776699) * Improve PHP 5.6 compatibility: allow mbstring.http_{in,out}put to be set as '' as well as 'pass' on install; do not display warning in ACP if so. -- David Prévot Mon, 02 Feb 2015 20:35:46 -0400 phpbb3 (3.0.12-3) unstable; urgency=medium * Adapt update_languages script to new scheme * Update URL for upstream language files * Bump standards version to 3.9.6 * Update copyright -- David Prévot Sat, 25 Oct 2014 20:58:23 -0400 phpbb3 (3.0.12-2) unstable; urgency=medium * Update translations: - Update Belarusian - Update Finnish - Add Gaelic - Add Tatar * Update packaging team (Closes: #740936) Thanks Jeroen and Jean-Marc for your previous work. -- David Prévot Fri, 11 Apr 2014 17:57:11 -0400 phpbb3 (3.0.12-1) unstable; urgency=low * New upstream release * Refresh patches * Update copyright * Clean up pre-Squeeze upgrade path * Use XZ compression for language packs * Bump standards version to 3.9.5 * Allow alternatives to MySQL (closes: #732900) -- David Prévot Thu, 02 Jan 2014 22:04:21 -0400 phpbb3 (3.0.11-5) unstable; urgency=low * Make fix_chown.patch a bit more robust * Clean up pre-Squeeze handling * Handle Apache 2.4 (and 2.2 too, closes: #669959) * Clean up copyright -- David Prévot Sun, 21 Jul 2013 18:06:20 -0400 phpbb3 (3.0.11-4) unstable; urgency=high * Fix chown in cache (closes: #711172) * Fix world-writable directories -- David Prévot Thu, 13 Jun 2013 15:35:45 -0400 phpbb3 (3.0.11-3) experimental; urgency=low * Update Belarusian, Bulgarian, Czech, Mexican Spanish, Spanish (Casual Honorifics and Formal Honorifics) and Slovenian translations. * Update copyright to new path for these translations. -- David Prévot Wed, 03 Apr 2013 23:03:56 -0400 phpbb3 (3.0.11-2) experimental; urgency=low * Allow language pack update, without updating the main tarball. * Update Czech, Croatian, Swedish and Vietnamese translations. * Update copyright to new path for these translations. -- David Prévot Mon, 26 Nov 2012 16:57:03 -0400 phpbb3 (3.0.11-1) experimental; urgency=low * New upstream release. * New Brazilian Portuguese debconf translation by J.S.Júnior (closes: #663496). * Move webserver examples to /usr/share/phpbb3/webserver-examples since they are referenced at install time (Policy 10.7.3). * Update copyright, making it conform to machine-readable version 1.0. * Update to policy 3.9.4: no change needed. * Update patches. * debian/dbapps-lib: Correct handling of dbc_dbserver when configuring mysql connection parameters, thanks to Liam Young for the patch (the #613060 fix was not correct, LP: #997782, closes: #678544). * Remove AUTHORS and VERSION files from the l10n binary package. -- David Prévot Fri, 05 Oct 2012 18:36:43 -0400 phpbb3 (3.0.10-2) unstable; urgency=low * Update Czech translation (closes: #658650). -- David Prévot Sat, 04 Feb 2012 19:16:24 -0400 phpbb3 (3.0.10-1) unstable; urgency=low * New upstream release. * Update patches and schemes. * Explicitly define version number for database upgrade. -- David Prévot Mon, 16 Jan 2012 19:33:28 -0400 phpbb3 (3.0.9-1) unstable; urgency=low * New upstream release. * Remove Shield Ranks plugin (licensing issue). * Update language pack path (upstream packages modified). * Update patches: use cache/$url_forum/ in acm_memory.php too. * Don't hardcode version number for database upgrade. * Handle permissions of nested directories (closes: #607380). * Explicitly define PHPBB_ROOT_PATH in install-XXX (closes: #644276). -- David Prévot Sun, 20 Nov 2011 12:31:59 -0400 phpbb3 (3.0.7-PL1-5) unstable; urgency=low [ David Prévot ] * Fix broken cache, thanks to Nicolas Schodet (actually closes: #599480). * Fix cross site scripting vulnerability (closes: #612477) [CVE-2011-0544]. * Enforce run_sql with "-h localhost" when $dbc_dbserver is empty (closes: #613060). * Don't use local lib on preinst (closes: #595536). * Update to policy 3.9.2: no change needed. * Update my email address. [ Jean-Marc Roth ] * Fix postgres failure when postgres server is remote (closes: #612441). * Don't be too rude on trying to uninstall when unsupported webserver is used (closes: #597373). -- David Prévot Mon, 23 May 2011 15:59:05 -0400 phpbb3 (3.0.7-PL1-4) unstable; urgency=high [ Jean-Marc Roth ] * Be nicer on run_sql() failure (e.g. noninteractive case) -- inspired from dbconfig (closes: #595594). [ David Prévot ] * Vietnamese debconf translation updated, Clytie Siddall (closes: #598579). * Document $url_forum feature in README.multiboard (closes: #599480). -- David Prévot Sat, 16 Oct 2010 12:30:20 -0400 phpbb3 (3.0.7-PL1-3) unstable; urgency=high [ David Prévot ] * Use explicitly port 80 in examples, thanks to Greg Lyle (closes: #586012). * Update to policy 3.9.1: no change needed. * Japanese debconf translation updated, Hideki Yamane (closes: #591079). [ Jean-Marc Roth ] * Be nicer on dbconfig-common failure -- inspired from s9y (closes: #586759). -- David Prévot Sat, 31 Jul 2010 19:07:44 -0400 phpbb3 (3.0.7-PL1-2) unstable; urgency=low [ Jean-Marc Roth ] * Maintainer script does not correctly handle remote DB (closes: #583197). * Update path to VCS-browser, websvn needs a trailing slash. [ David Prévot ] * templates reviewed with the Smith Review Project. * Portuguese debconf translation updated thanks to Américo Monteiro (closes: #583458). * French debconf translation updated. * Czech debconf translation updated thanks to Miroslav Kure (closes: #583771). * Danish debconf translation added thanks to Joe Hansen (closes: #583829). * Swedish debconf translation updated thanks to Martin Ågren (closes: #584753). * Italian debconf translation updated thanks to Luca Monducci (closes: #584771). * Russian debconf translation updated thanks to Yuri Kozlov (closes: #584800). * German debconf translation updated thanks to Matthias Julius (closes: #584847). * Spanish debconf translation updated thanks to Francisco Javier Cuadrado (closes: #584863). [ Thijs Kinkhorst ] * Remove obsolete uuencoded logos. * Dutch debconf translation updated. -- Jean-Marc Roth Wed, 26 May 2010 12:55:24 +0200 phpbb3 (3.0.7-PL1-1) unstable; urgency=low [ Jean-Marc Roth ] * New upstream release (closes: #571787, #524361). [CVE-2010-1630, CVE-2010-1627] * Update to source package format 3.0(quilt). (made patches DEP-3 compliant) * Reinforced security: enable gd captcha, php5-gd becomes dependency, set random captcha settings during config, require user account activation (closes: #570011). * Board becomes multi-site capable (closes: #437836). * README.multiboard updated (closes: #529707). * database upgrade uses patched database_update.php from upstream => added php5-cli to dependencies. * apache2 has become new default in debconf (phpbb3/http). * Styles documentation updated (closes: #569911). * Restart webserver (closes: #430458). * Sqlite support fixed (closes: #504419). * Next-gen permissions on /var/cache and /var/lib, especially for multisite (closes: #447542). * Using UCF for webserver config. * Support setting admin credentials via debconf (closes: #477440). * Provide install directory, actually req'd for multisite (closes: #440405). [ David Prévot ] * Upstream documentation included. * Language pack is back (closes: #502563). * copyright notice updated to DEP-5 (closes: #505319). * Support automatic configuration for lighttpd (closes: #574551). * control and templates reviewed by the Smith Review Project. * Portuguese debconf translation updated thanks to Américo Monteiro (closes: #575949). * Vietnamese debconf translation updated thanks to Clytie Siddall (closes: #575990). * German debconf translation updated thanks to Matthias Julius (closes: #576939). * Japanese debconf translation updated thanks to Hideki Yamane (closes: #577063). * French debconf translation updated. * Spanish debconf translation added thanks to Francisco Javier Cuadrado (closes: #579197). * Swedish debconf translation updated thanks to Martin Ågren (closes: #579280). [ Thijs Kinkhorst ] * Removed self from uploaders. -- Jean-Marc Roth Fri, 30 Apr 2010 12:41:23 +0200 phpbb3 (3.0.4-1) UNRELEASED; urgency=low * New upstream release. * Drop all PHP4-related stuff. * Obsoletes security patches from previous uploads. * Minor packaging cleanups. -- Thijs Kinkhorst Mon, 16 Feb 2009 23:49:49 +0100 phpbb3 (3.0.2-4) unstable; urgency=high * Two security fixes backported from 3.0.4: + deactivated accounts could be re-activated by a user (closes: #508872). + ask for forum password if post within passworded forum quoted in private message. -- Thijs Kinkhorst Fri, 06 Feb 2009 14:51:46 +0100 phpbb3 (3.0.2-3) unstable; urgency=high * More fixes for PostgreSQL database schema creation, thanks Ansgar Burchardt (Closes: #497721). -- Thijs Kinkhorst Fri, 05 Sep 2008 21:06:21 +0200 phpbb3 (3.0.2-2) unstable; urgency=high * Fix bug in PostgreSQL database schema creation (Closes: #497721). * Update to policy 3.8.0: add a patch target to debian/rules and a README.source file. * Fix watch file. -- Thijs Kinkhorst Thu, 04 Sep 2008 09:39:00 +0200 phpbb3 (3.0.2-1) unstable; urgency=medium * New upstream bugfix release. - Includes low-impact security issue, so medium urgency. [CVE-2008-3224] -- Thijs Kinkhorst Sat, 12 Jul 2008 21:32:15 +0200 phpbb3 (3.0.1-1) unstable; urgency=low * New upstream bugfix release. * Add Portuguese debconf translation thanks to Miguel Figueiredo (Closes: #470112) * Fix PostgreSQL schema to strip out hash-style comments (Closes: #461117). -- Thijs Kinkhorst Tue, 22 Apr 2008 01:13:42 +0200 phpbb3 (3.0.0-2) unstable; urgency=low * Also install download/ directory, thanks Laurent Bigonville (Closes: #466429). * Upload to unstable. -- Thijs Kinkhorst Wed, 27 Feb 2008 11:03:04 +0100 phpbb3 (3.0.0-1) experimental; urgency=low * New upstream release (closes: #456304). * Drop obsoleted fix for admin reauth (closes: #450696). * Initialise board startdate to package install time (closes: #447541). * Use MySQL 4.1 schema instead of 4.0, it is more compatible with recent MySQL versions (closes: #460931). * Make cache dir readable by webserver (closes: #447540). -- Thijs Kinkhorst Sat, 19 Jan 2008 22:29:57 +0100 phpbb3 (3.0.0~RC7-1) experimental; urgency=low * New upstream Release Candidate 7. -- Thijs Kinkhorst Tue, 23 Oct 2007 23:01:26 +0200 phpbb3 (3.0.0~RC5-1) experimental; urgency=low * New upstream Release Candidate 5. -- Thijs Kinkhorst Mon, 27 Aug 2007 21:24:05 +0200 phpbb3 (3.0.0~RC4-1) experimental; urgency=low * New upstream Release Candidate 4. -- Thijs Kinkhorst Mon, 30 Jul 2007 17:02:24 +0200 phpbb3 (3.0.0~RC3-1) experimental; urgency=low * New upstream Release Candidate 3. -- Thijs Kinkhorst Mon, 09 Jul 2007 13:35:41 +0200 phpbb3 (3.0.0~RC2-1) experimental; urgency=low * New upstream Release Candidate 2. -- Thijs Kinkhorst Wed, 27 Jun 2007 13:33:24 +0200 phpbb3 (3.0.0~RC1) experimental; urgency=low * New upstream Release Candidate 1. -- Thijs Kinkhorst Thu, 31 May 2007 16:35:37 +0200 phpbb3 (3.0.0~B5) experimental; urgency=low * New upstream Beta 5 release. -- Thijs Kinkhorst Tue, 6 Feb 2007 16:31:45 +0100