gosa (2.8~git20230203.10abe45+dfsg-11) unstable; urgency=medium * debian/patches: + Add 1046_groups-classic-theme-generic-tpl.patch. Drop artifact '[6~' from generic group template (classic theme). + Add 1047_silence-SnapshotHandler-in-logs.patch. Don't pass new LDAP class instantiation directly, store in interim variable first. + Add 1048_fix-undefined-variable.patch. Amend 'PHP error: Undefined variable $acl_mode' when using classic theme. + Add 1049_dont-compare-multidim-arrays-with-array-diff.patch. Compare JSON hashes instead of comparing array. This avoids an 'Array to string conversion' error when comparing multi-dimensional arrays. -- Mike Gabriel Tue, 13 Feb 2024 09:19:26 +0100 gosa (2.8~git20230203.10abe45+dfsg-10) unstable; urgency=medium [ Mike Gabriel ] * debian/patches: + Add 1038_include-class_pathNavigator.inc-Don-t-send-object-DN.patch. Silence 'invalid DN syntax' errors from LDAP server when creating new user objects. (Closes: #1051995). + Add 1040_fix-instance-property-typo-in-class_acl-inc.patch. Fix 'Array to string conversion (/usr/share/gosa/include/class_acl.inc, line 180)'. (Closes: #1051997). + Add 1043a_Add-setter-for-skipFooter-property-needed-for-mfa-ex.patch. Add modifier for skipFooter protected class property. + Add 1043b_honour-plugin-property-skipFooter-used-by-mfa-account.patch. Honour plugin property 'skipFooter'. + Rebase patches 1099 and 1149. [ Guido Berhoerster ] * debian/patches: + Add 1041_fix-role-selector.patch in order to fix role selection + Add 1042_fix-user-info-default-theme.patch [ Daniel Teichmann ] * debian/patches/: + Add 1044_fix-class-ldap-serialization.patch which fixes a few bugs regarding LDAP object serialization. This especially fixes setting LDAP userPassword attribute types via GOsa². (Closes: #1052159). + Add 0003-fix-posixaccount-shadowExpire.patch which fixes shadowExpire always being set to 0. (User can't login then) (Closes: #1053806) -- Mike Gabriel Fri, 01 Dec 2023 22:42:54 +0100 gosa (2.8~git20230203.10abe45+dfsg-9) unstable; urgency=medium * debian/patches: + Improve 1007_fix_debugLevel_bitwise_and.patch. Default value for debugLevel is an empty string. Assure this gets interpreted as 0 debugLevel. (Closes: #1049937). + Add 2010_vacation-templates-writeable-path.patch. Use a folder in /var/lib/ for providing a GOsa²-writeable path for vacation templates. (Closes: #1049938). + Fix multiply patching include/class_sortableList.inc. + Add 1025_fix-icons-in-debugBar.patch. Don't use image() method from GOsa²'s function.inc. The debug toolbar is not themed, so hard-code icon img tags. (Closes: #1049939). This resolves the problem of non-shown icons if the default (Materialize CSS) theme is used. + Add 1026_dont-access-static-property-non-static.patch. Resolves 'Accessing static property LDAP:: as non static'. (Closes: #1049956). + Add patches 1027 - 1033. Fix various PHP errors/warnings reported to syslog. (Closes: #1049942). + Add patches 106?_*.patch. Resolve various issues in GOsa²'s acl class. (Closes: #1049940). + Add 1034_include-class_listing.inc-Fix-processElementFilter-n.patch. include/class_listing.inc: Fix processElementFilter() not considering default values for method parameters. (Closes: #1050489). + Add 1063_include-class_-listing-acl-.inc-plugins-admin-acl-cl.patch. plugins/admin/acl/class_aclRole.inc: Fix accessing variables if they are NULL or keys of arrays which aren't even set. + Add 1036_include-class_filter.inc-Define-gridClass-for-defaul.patch. include/class_filter.inc: Define gridClass for default and classic theme. + Add 1037_include-php_setup.inc-Hide-ldap_-search-read-Search-.patch. Silence 'Search: No such object.' PHP error messages for ldap_search() and ldap_read(). Those errors are mostly not errors but simply search / query results. * debian/gosa.{dirs,links,postinst}: + Provide /var/lib/gosa/vacation and symlink to it from /etc/gosa. (Related to 2010_vacation-templates-writeable-path.patch and #1049938). -- Mike Gabriel Tue, 29 Aug 2023 20:53:52 +0200 gosa (2.8~git20230203.10abe45+dfsg-8) unstable; urgency=medium * debian/patches: + Add 1024_fix-mess-of-using-and-comparing-int-and-string-values.patch. This resolves a dirty class property design for the posixAccount class. This patch attempts at avoiding int-with-string value comparisons for the properties gidNumber (string) and primaryGroup (int). (Closes: #1049344). + Add 1155_fix-uid-generation-when-many-uids-have-been-already-taken.patch from Debian's GOsa² 2.7.5 (never uploaded to Debian, but valid for GOsa² 2.8). (Closes: #991545). -- Mike Gabriel Tue, 15 Aug 2023 16:06:27 +0200 gosa (2.8~git20230203.10abe45+dfsg-7) unstable; urgency=medium * debian/patches: + Regression fix in 1023_fix-icon-labelling-with-default-theme.patch. Adding an tag is wrong for Materialize CSS, this needs to be addressed in the DHCP service code in gosa-plugins-systems. -- Mike Gabriel Tue, 15 Aug 2023 13:05:19 +0200 gosa (2.8~git20230203.10abe45+dfsg-6) unstable; urgency=medium * debian/patches: + Add patches 1011 to 1020. Revert nested group feature for GOsa² groups. This feature is completely broken in GOsa² upstream when posixGroups are in use. (Closes: #1049328). Also trivially rebase patches 1009 and 2009. + Add 1021_fix-config-parser-being-null.patch. Since PHP 8.x an XML parser must not be null when accessed. It needs to be an instance of XMLParser(). (Closes: #1049338). + Re-add 1035_acl_override_to_allow_delete_of_group_members.patch. Allow users with memberUid write access to remove users from posixGroup objects. Related to closing #1049328. + Add 1099_remove-debug-code.patch. Drop unwanted var_dump() call and other print statements. + Add 1022_fix-implicit-conversions-of-float-to-int.patch. Avoid PHP deprecation warning "Deprecated: Implicit conversion from float to int loses precision in ". (Closes: #1043575). + Add 11?? patches. Derived from Debian's gosa 2.7.5 patchset (and ignored first when bringing in gosa 2.8.x, but now re-reviewed and re-applied). + Add 1023_fix-icon-labelling-with-default-theme.patch. Properly render labelled icons if default materialize CSS theme is used. (Closes: #1049400). + Improve 1003_php-deprecations.patch. Silence another 'Deprecated: preg_match(): Passing null to parameter #2 () of type string is deprecated' warning. (Closes: #1049394). * debian/rules: + Symlink the smarty4 version of the smarty-gettext plugin to DATADIR/gosa/include/smartyAddons/ (not the smarty3 version). * lintian: + Adjust line numbers in some overrides. -- Mike Gabriel Tue, 15 Aug 2023 11:41:16 +0200 gosa (2.8~git20230203.10abe45+dfsg-5) unstable; urgency=medium [ Dominik George ] * Remove myself as uplaoder. [ Daniel Teichmann ] * debian/patches: + Add 1007_fix_debugLevel_bitwise_and.patch. Use single ampersand operator for logical and operation (not double ampersand). + Add 1008_main-dont-die-on-empty-config-object.patch. Gracefully exit if config object is unavailable (and report to syslog). (Closes: #1039964). + Add 1009_plugin-callHook-always_output_shell_debugging_msgs.patch. Fix output of shell debugging messages via WebUI. [ Guido Berhoerster ] * Fix PHP errors in accept-to-gettext.inc. This fixes numerous errors due to accessing undefined associative array elements. (Closes: #1043019). * Add 2009-Revert-Enable-env-to-work.patch. Work around broken handling of plugin hook commands in gosa > 2.7.4. (Closes: #1039698, #1039699). -- Mike Gabriel Thu, 10 Aug 2023 17:38:49 +0200 gosa (2.8~git20230203.10abe45+dfsg-4) unstable; urgency=medium [ Daniel Teichmann ] * debian/patches: + Add 1004_missing_templates.patch. (Closes: #1039697) * debian/patches: + Update 1002_php82-allow-dynamic-properties.patch: Tolerate dyn. prop. for ALL PHP classes. (Closes: #1039894) + Add 1005_preg_replace_deprecation.patch. + Add 1006_fix-overflow-debug-print_a-func.patch. (Closes: #1040839) [ Debian Janitor ] * Apply multi-arch hints: + gosa-schema: Add Multi-Arch: foreign. -- Mike Gabriel Wed, 12 Jul 2023 23:04:35 +0200 gosa (2.8~git20230203.10abe45+dfsg-3) unstable; urgency=medium [ Daniel Teichmann ] * debian/patches/1003_php-deprecations.patch: + Fix critical PHP error. -- Mike Gabriel Wed, 28 Jun 2023 14:05:34 +0200 gosa (2.8~git20230203.10abe45+dfsg-2) unstable; urgency=medium * debian/patches: + Add 1003_php-deprecations.patch. Silence various PHP 8.2 deprecation warnings. (Closes: #1038682). * Rename debian/NEWS.Debian to debian/NEWS. * debian/gosa.lintian-overrides: + Adjust overrides for this upload. -- Mike Gabriel Tue, 20 Jun 2023 06:13:55 +0200 gosa (2.8~git20230203.10abe45+dfsg-1) unstable; urgency=medium * New upstream Git snapshot. * debian/patches: + Drop patches 0002 and 1001. Both applied upstream. + Trivial rebase of patches 2002 and 2003. -- Mike Gabriel Mon, 06 Feb 2023 20:43:44 +0100 gosa (2.8~git20230117.8f8b0c8+dfsg-4) unstable; urgency=medium * debian/rules: + Don't ship generated files in the bin:pkg gosa, they get rebuilt on every postinst script run. -- Mike Gabriel Sat, 21 Jan 2023 20:53:10 +0100 gosa (2.8~git20230117.8f8b0c8+dfsg-3) unstable; urgency=medium * debian/control: + Update D: Switch to smarty4. * debian/gosa-apache.conf: + Use version independent php_module check. * debian/patches: + Add 1001_dirty-fix-for-encrypt-decrypt.patch. Get logging working again, fix LDAP binding if GOsa² passwords are encrypted in gosa.conf. + Add 1002_php82-allow-dynamic-properties.patch. Tolerated dynamic properties (deprecated in PHP 8.2). * debian/rules: + Use DEB_VENDOR instead of DEB_DISTRIBUTION in gosa.version string. -- Mike Gabriel Sat, 21 Jan 2023 01:00:43 +0100 gosa (2.8~git20230117.8f8b0c8+dfsg-2) unstable; urgency=medium * Team upload to unstable. -- Holger Levsen Fri, 20 Jan 2023 21:36:26 +0100 gosa (2.8~git20230117.8f8b0c8+dfsg-1) experimental; urgency=medium * New upstream Git snapshot. * debian/patches: + Fix typo in 2004_fix-locale-location.patch. + Add 0002_gosa-version.patch, 2008_set-version-file-path.patch. Allow for obtaining the GOsa² version from a package-generated gosa.version file. * debian/rules: + Generate gosa.version file from package version information. -- Mike Gabriel Wed, 18 Jan 2023 07:04:30 +0100 gosa (2.8~git20230116.d119cff+dfsg-1) experimental; urgency=medium * Upload to experimental. * Upstream pre-release of GOsa² 2.8.x. (Closes: #1003694, #991542 #800679). * debian/patches: + Drop nearly all patches except from the Debian-specific ones. Next major GoSA² version has them all (or should, but that's an upstream matter from here). + Trivial rebase of 2002 and 2003. + Rebase 2004_fix-locale-location.patch. + Add 0001_fix-setup-license-txt.patch. Amend license mismatch between COPYING and setup/license.txt files. Change also proposed upstream. Fix webUI-displayed license text (GPL-3 -> GPL-2). + Add Forwarded: field to Debian-specific patches (and silence lintian). + Add 2007_no-pChart.patch. Forget about pChart class. * debian/watch: + Drop plugin watch files. + Use watch.gosa-gosa-core to continue from here. + Adjust file to match upstream Git snapshot versions correctly. Drop uupdate and debian tasks. * debian/control: + Add B:/R: entries for all pre-2.8 bin:pkgs. They are not compatible with GOsa² 2.8 anymore. + Drop plugin bin:pkgs. + Update Homepage: field. + Bump Standards-Version: to 4.6.2. No changes needed. + Add Rules-Requires-Root: field and set it to 'no'. * debian/rules: + Use uscan for orig tarball retrieval. + Drop lintian warnings silencer. + Drop unneeded doc files. + Fix symlink of font files (classic theme). * debian/copyright: + Update auto-generated copyright.in file. + Complete rewrite of attributions. + Adjust Files-Excluded: field. * debian/po: + Trivial .po file update. * debian/fix-constructors.sh: + Drop file. Should be ok upstream now. * debian/gosa-plugin-*.{install,}: + Drop files. Plugins will be uploaded as individual src:pkgs for GOsa² 2.8. * debian/source/lintian-overrides: + Drop file. Not required anymore for now. * debian/*.{install,manpages,docs}: + Adjust to GOsa 2.8. * debian/gosa.postinst: + Use colon instead of dot in chown command. * debian/control: + Bump Standards-Version: to 4.6.1. No changes needed. * debian/gosa.apache2: + Drop empty file. * debian/README.multi-orig-tarball-package: + Drop file. Not required anymore. * debian/NEWS.Debian: + Update file. * debian/{NEWS,NEWS.Debian,README.Debian}: + Update files, re-arrange usage. * debian/upstream/metadata: + Add file. Comply with DEP-12. * debian/gosa-dev.manpages: + Drop update-online-help.1, script not shipped anymore. -- Mike Gabriel Mon, 16 Jan 2023 15:51:01 +0100 gosa (2.7.4+reloaded3-16) unstable; urgency=medium * Re-upload as is. * debian/changelog: + Fix faulty bug closure in previous changelog stanza. Re-closing the correct bug here now. (Closes: #989099, allow gosa to be installed in chroots). -- Mike Gabriel Wed, 26 May 2021 09:31:07 +0200 gosa (2.7.4+reloaded3-15) unstable; urgency=medium * debian/gosa.postinst: + Don't choke on failing httpd service restarts. This allows gosa to be installed into chroots. (Closes: #989099). * debian/patches: + Add 1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch and 1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch. Provide 'alias' attribute type via 'gosaMailAccount' objectClass. This fixes 'alias' field setting via gosa-plugin-mailaddress without the need to add 'kolabInetOrgPerson' objectClass to every mail account. (Closes: #989096). + Add 1053_check-countable-before-using-count-on-variable.patch. Don't use count() function on data that might not be countable. Silences hundreds of PHP warning log messages per user session. (Closes: #939043). -- Mike Gabriel Tue, 25 May 2021 21:18:20 +0200 gosa (2.7.4+reloaded3-14) unstable; urgency=medium * debian/patches: + Add 1050_implode-syntax-php74.patch. Use PHP 7.4 compliant implode() syntax. (Closes: #964600). * debian/control: + Bump Standards-Version: to 4.5.1. No changes needed. + Bump DH compat level to version 13. -- Mike Gabriel Mon, 23 Nov 2020 17:44:53 +0100 gosa (2.7.4+reloaded3-13) unstable; urgency=medium * debian/patches: + Add 1049_gosa-fix-filterlocklabelimage.patch. Use NULL as default for in filterLockImage() and filterLockLabel(). (Closes: #941165). -- Mike Gabriel Mon, 27 Jul 2020 22:32:50 +0200 gosa (2.7.4+reloaded3-12) unstable; urgency=medium * debian/patches: + Add 1048_gosa-cred-encrypt-decrypt-php-7.4.patch. Fix upgrade error with PHP 7.4 in use. PHP 7.4 chokes on a flaw in cred_encrypt() and cred_decrypt() that previous PHP versions silently ignored. (Closes: #964318). -- Mike Gabriel Mon, 13 Jul 2020 13:23:35 +0200 gosa (2.7.4+reloaded3-11) unstable; urgency=medium * debian/control: + Drop php-recode. Code path has an alternative for its usage (iconv). (Closes: #955314). + Update Homepage: field. (Closes: #940719). + Bump Standards-Version: to 4.5.0. No changes needed. * debian/{control,compat}: + Switch to debhelper-compat notation. Bump DH compat level to version 12. * debian/copyright: + Update Source: field. -- Mike Gabriel Mon, 20 Apr 2020 07:32:48 +0200 gosa (2.7.4+reloaded3-10) unstable; urgency=medium * debian/patches: + Add 1047_CVE-2019-14466-1_replace_unserialize_with_json_encode+json_ decode.patch: Replace (un)serialize with json_encode/json_decode to mitigate PHP object injection. (CVE-2019-14466). -- Mike Gabriel Sat, 31 Aug 2019 16:09:11 +0200 gosa (2.7.4+reloaded3-9) unstable; urgency=medium * debian/changelog: + Post-upload fix of patch-1045 explanation in previous stanza. * debian/patches: + Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch. Perform stricter check on LDAP success/failure (CVE-2019-11187). * debian/control: + Bump Standards-Version: to 4.4.0. No changes needed. -- Mike Gabriel Thu, 08 Aug 2019 13:29:34 +0200 gosa (2.7.4+reloaded3-8) unstable; urgency=medium * debian/patches: + Add 1043_smarty-add-on-function-param-types.patch. Fix missing password field, caused by PHP error "parameter 2 expected to be a reference, value given". This happened due to mismatching parameter types whenever the smarty3 template rendering engine called gosa's (slightly not-compliant anymore) smartyAddon functions. (Closes: #918578). The patch also brings some smartyAddon hygiene for the {render} block and the not-used-anymore {tr} block. + Add 1044_crypto-transition-without-mcrypt.patch. Make gosa-mcrypt-to-openssl-passwords script independent from php-mcrypt, and thus make it work with Debian buster's php7.3. (Closes: #925138). + Update 1026_fix-deprecated-constructor-format.patch. Drop an unwanted find+replace artefact in class_userFilter. + Add 1045_dont_use_filter_caching.patch. Disable filter caching via $_SESSION. The filter caching mechanism stores PHP object in $_SESSON; since php7.0 this has lead to all sorts of unexpected results and flawed rendering of class_management based listings. (Closes: #907815). * debian/control: + Bump Standards-Version: to 4.3.0. No changes needed. -- Mike Gabriel Fri, 19 Apr 2019 15:24:14 +0200 gosa (2.7.4+reloaded3-7) unstable; urgency=medium [ Mike Gabriel ] * Update default config. + Enable netgroup, pwreset and school-manager plugins by default. [ Dominik George ] * Update my maintainer address. * Add support for php-fpm in apache config. -- Dominik George Wed, 12 Dec 2018 16:52:38 +0100 gosa (2.7.4+reloaded3-6) unstable; urgency=medium [ Christian Schwamborn ] * debian/patches: + Add 1040_inactive_pwd_fields_when_using_pwd_proposal.patch. Disable password entry text fields when password proposal is to be used. + Improve 1039_fix_sambakickofftime_...tmplate_setting.patch. Avoid NULL string being handed over to the date() function. + Add 1041_ref_param_error_in_My_Parser.patch. Compat fix for PHP > 5.4. Hand over real variable to function. + Add 1042_add_option_to_disable_autocomplete.patch. Add support for disabling autocompletion in search boxes. [ Mike Gabriel ] * debian/control: + Bump Standards-Version: to 4.2.0. No changes needed. + Drop exim4 as default MTA, use default-mta instead. Thanks lintian. -- Mike Gabriel Wed, 15 Aug 2018 12:31:03 +0200 gosa (2.7.4+reloaded3-5) unstable; urgency=medium * debian/control: + Update Vcs-*: fields. Packaging Git has been migrated to salsa.debian.org. * debian/patches: + Add 0013_escape-html-entities-for-uid-to-avoid-code-execution- CVE-2018-1000528.patch. Fixes code injection in password change dialog. Resolves CVE-2018-1000528. (Closes: #902723). -- Mike Gabriel Sat, 30 Jun 2018 12:35:38 +0200 gosa (2.7.4+reloaded3-4) unstable; urgency=medium * debian/control: + Add D (gosa): php-cgi. Required for GOsa² to work under lighttpd. (Closes: #892570). + Drop from S: gosa-si-server. (Closes: #891904). (Note: the requested php7.0-cli to php-cli modification was already uploaded with gosa/2.7.4+reloaded3-3). + Bump Standards-Version: to 4.1.4. No changes needed. * debian/gosa.post*: + Test presence of apache2ctl to detect whether GOsa² is supposed to run under Apache2. (Closes: #892571). * debian/patches: + Add 0012_using-the-correct-encryption-method.patch. Use aes-256-ecb, not -cbc as encryption method in cred_encrypt() function. (Closes: #892546). + Add 2006_apache2-private-tmp.patch. Work-around for Apache2's PrivateTmp=true feature in Debian. (Closes: #892569). + Various typo fixes in text comments. * debian/README.gosa.secrets: + Add HowTo about GOsa²'s internal pw encryption procedure. + Advertise this new README in debian/NEWS. * debian/gosa.lintian-overrides: + Add override maintainer-script-should-not-use-recursive-chown-or-chmod postinst. * lintian: Move source overrides into debian/source/. -- Mike Gabriel Fri, 20 Apr 2018 13:36:45 +0200 gosa (2.7.4+reloaded3-3) unstable; urgency=medium * debian/control: + Switch D (gosa-dev) from php7.0-cli to php-cli. -- Mike Gabriel Sun, 04 Mar 2018 20:59:40 +0100 gosa (2.7.4+reloaded3-2) unstable; urgency=medium * debian/control: + Add B:/R: relations (gosa) for gosa-plugin-{heimdal,opsi,fai,fai-schema} (<< 2.7.4+reloaded3-1~). -- Mike Gabriel Thu, 01 Mar 2018 19:47:38 +0100 gosa (2.7.4+reloaded3-1) unstable; urgency=medium [ Mike Gabriel ] * Re-pack GOsa². Drop plugins useless without never really stable gosa-si daemon: - Drop FAI plugin. Obsoleted upstream. - Drop OPSI plugin. Obsoleted upstream. - Drop Heimdal plugin. Obsoleted upstream. * debian/watch.gosa-plugin-{heimdal,opsi,fai}: + Drop files. Not needed anymore. * debian/watch.gosa-*: + Use secure URLs to obtain upstream sources. + Revert back to http access to upstream sources. Upstream's certificate is broken. + Do dversionmangel reloaded3, not reloaded2. * debian/patches: + Add 1029_better-whitespace-cleanup-in-genuid.patch. Prevent gen_uids() from generating UIDs containing blanks. + Add 1030_column-header-titles-group-members.patch. Fix column titles in member lists of POSIX groups. + Add 1031_no-context-loose-continues.patch. Avoid stray continue expression. (Closes: #879105). + Rebase / update 1016_allow-same-user-ids-as-adduser.patch and 1026_fix-deprecated-constructor-format.patch. * debian/control: + Drop from D (gosa bin:pkg): php-mcrypt. Not available in PHP 7.2 anymore. (Closes: #889811). + Bump Standards-Version: to 4.1.3. No changes needed. + Update D (gosa): php7.0-cli -> php-cli. + Switch D (gosa) from virtual pkg php-mysqli to meta package php-mysql. * debian/{compat,control}: + Bump DH compat level to 11. * debian/{control,gosa-plugin-.install}: + Drop bin:pkgs gosa-plugin-opsi, gosa-plugin-fai, gosa-plugin-fai-schema. * debian/gosa.triggers: + Explicitly use await triggering mechanism. * debian/gosa-desktop.templates: + Let gosa-desktop's URL point to http://localhost/gosa by default. (Closes: #854780). * debian/gosa.postinst: + Drop support for handling apache2.2's /etc/apache2/conf.d/ directory. (Closes: #858312). + Deactivate deprecated gosa.conf, if found in /etc/apache2/conf.d/. * debian/gosa.install: + Install gosa-mcrypt-to-openssl-passwords into bin:pkg gosa. * debian/gosa-plugin-mail.install: + Drop addons/. The mail addons were gosa-si related, which got support removed with this release. * debian/copyright: + Update copyright attributions. + Use secure URI for copyright format reference. * debian/rules: + Stop using dpkg-parsechangelog, use pkg-info.mk instead. * debian/NEWS: + Provide information for people upgrading from previous versions of GOsa². * Overall white-space cleanup in debian/. [ Benjamin Zapiec ] * debian/patches: + Add 00??_mcrypt2openssl_*.patch. Migrate gosa-encrypt-passwords and related code from removed mcrypt (since PHP 7.2) to openssl. This also implies dropping gosa-si support entirely (which never really worked anyway and has never been made available in Debian). + Improve patch 1026: gosa-core/include/pChart/: Find more deprecated constructors. [ Christian Scharmborn ] * debian/patches: + Add 1032_fix_select_acl_role.patch + Add 1033_fix_unable_to_delete_acl_asignment.patch + Add 1034_remove_superfluous__get_post__call_from__save_object.patch + Add 1035_acl_override_to_allow_delete_of_group_members.patch + Add 1036_remove_double_groupList_setEditable_setting.patch + Add 1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch + Add 1038_shadowexpire_in_one_line.patch + Add 1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_ from_tmplate_setting.patch -- Mike Gabriel Thu, 01 Mar 2018 14:23:28 +0100 gosa (2.7.4+reloaded2-13) unstable; urgency=medium [ Dominik George ] * Allow IPv4 addresses and FQDNs as sudoHost. (Closes: #834065). * Added myself to Uploaders. [ Mike Gabriel ] * debian/control: + Update D (gosa, gosa-dev): php-cli -> php7.0-cli. + Update PHP MySQL(i) dependency. GOsa with PHP 7 now depends on php-mysqli. * debian/patches: + Add 1028_use-mysqli-instead-of-mysql.patch. Migrate from PHP MySQL extension to MySQLi extension. (Closes: #834063). + Fix another man page type via 1004_fix-typos-in-man-pages.patch. * lintian: + Update source.lintian-overrides. + Add php-script-but-no-phpX-cli-dep override for two files. * debian/README.Debian: Fix spelling issue. * debian/gosa-plugin-opsi.lintian-overrides: + Drop. No required any more. -- Mike Gabriel Wed, 25 Jan 2017 22:11:04 +0100 gosa (2.7.4+reloaded2-12) unstable; urgency=medium [ Mike Gabriel ] * debian/fix-constructors.sh: + Additionally replace occurrences of ::(...) with ::_construct(). Assure script can be run several times on the same GOsa code tree. * debian/patches: + Fix 1026_fix-deprecated-constructor-format.patch. Additionally patch occurrences of ::(...) with ::_construct(). [ Wolfgang Schweer ] * debian/fix-constructors.sh: + Exclude xml:xml* commands from being touched by this script. * debian/patches: + Another fix for 1026_fix-deprecated-constructor-format.patch. Don't replace xml::xml2array by flawed xml::__construct2array. -- Mike Gabriel Thu, 02 Jun 2016 23:51:54 +0200 gosa (2.7.4+reloaded2-11) unstable; urgency=medium * debian/patches: + Add 1025_fix-with-smarty-3-1-29.patch. Fix class auto-loading when GOsa is used under Smarty3 (>= 3.1.28). + Add 1026_fix-deprecated-constructor-format.patch. Replace old-style constructor names (equaling the class name) by methods of the name "__construct()". This patch has been generated by the shipped-with script debian/fix-constructors.sh. Thanks to Cajus Pollmeier for providing this script. * debian/control: + Bump Standards: to 3.9.8. No changes needed. + Use encrypted URLs for Vcs-*: fields. -- Mike Gabriel Wed, 01 Jun 2016 12:44:43 +0200 gosa (2.7.4+reloaded2-10) unstable; urgency=medium [ Holger Levsen ] * Fixup PHP syntax in 1010_fix-entry-removal-in-mail-plugin.patch. See #796823 for the details. * Update depends and debian/gosa-apache.conf for the PHP 7.0 transition. Thanks to Wolfgang Schweer for the patch! (Closes: #821501) [ Mike Gabriel ] * debian/gosa.NEWS: Fix date (2015 -> 2016) for latest NEWS announcement. -- Holger Levsen Mon, 23 May 2016 12:44:31 +0200 gosa (2.7.4+reloaded2-9) unstable; urgency=medium * debian/gosa-desktop.dirs: + Create /etc/gosa through dpkg for bin:package gosa-desktop. (Closes: #814576). * debian/control: + Drop as alternative Ds (gosa-desktop): konqueror, epiphany-browser, midori, chromium. (Closes: #814774). -- Mike Gabriel Mon, 15 Feb 2016 13:17:12 +0100 gosa (2.7.4+reloaded2-8) unstable; urgency=medium * debian/changelog: + Add closure of #796813 for version 2.7.4+reloaded2-6. * debian/patches: + Fix comment header for 0007_update-sambaHashHook-description.patch. + Add 1022_add-b-switch-to-mkntpasswd-script.patch. Support creation of NT/LM hashes from base64 encoded password string. + Add 1023_check-smbhash-creation-for-base64-encoded-pws.patch. Check NT/LM hash creation during setup checks using decode_base64() function. + Update 0007_update-sambaHashHook-description.patch. Add -MMIME::Base64 package loading in NT/LM hash creation code on gosa.conf man page. + Add 1024_dont-overescape-dollar-signs-in-smb-passwords.patch. Don't over-escape "$" characters in passwords provided to the sambaHashHook execution call. (Together with encoding passwords for sambaHashHook as base64 string, this closes: #801758). * debian/gosa.NEWS: + Add information on password string now getting base64 encoded prior to handing it over to the sambaHashHook script. * debian/gosa.postinst: + Only create symlinks to lpstat and convert, if those binaries really exist on the system. (Closes: #811382). * debian/control: + Update D (gosa-desktop): depend on browser currently available on Debian and Ubuntu. (Closes: #814004). * debian/gosa*.dirs: + Remove most *.dirs directories, only remaining file: gosa.dirs. * debian/gosa{,-plugin-mail,-plugin-gofon,-desktop}.postrm: + Remove /etc/gosa/ directory, if empty when purging the corresponding packages. (To make piuparts happy). * debian/gosa.post*: + Use proper if clauses for conditions. This assures that the postinst/postrm scripts do not fail if any of the conditions is not met. + Define $PATH in scripts to make sure, the which command used in these scripts works as expected. -- Mike Gabriel Fri, 12 Feb 2016 06:14:37 +0100 gosa (2.7.4+reloaded2-7) unstable; urgency=medium * debian/changelog: + Fix-up for previous upload: Add missing changes regarding lintian. * debian/gosa.post{inst,rm}: + Use quotes around which commands. This fixes failures during post-installation if either of the supported http daemon packages is not installed. -- Mike Gabriel Sun, 17 Jan 2016 16:52:35 +0100 gosa (2.7.4+reloaded2-6) unstable; urgency=medium * debian/patches: + Fix 1007_gen-uids-like-gosa26.patch. If a placeholder operator specifies no start and end, but only one value (e.g., %{givenName[12]}), then always use the complete string. (Closes: #803540). + Add 1021_disable-sorting-in-DHCP-section-lists.patch. Disable sorting for DHCP section lists (plus fix accessor name in class_sortableList.inc). (Closes: #796813). + Add 0006_code-injection-in-samba-hash-generation.patch, 0007_update-sambaHashHook-description.patch. Fix potential code injection issue in Samba hash generation. (CVE-2015-8771) + Update 1004_fix-typos-in-man-pages.patch due to cherry-picking 0007_update-sambaHashHook-description.patch from upstream. Also fix more man page typos (reported by lintian). * debian/gosa.postinst: + When figuring out whether it makes sense to restart Apache2, let's check for presence of apache2ctl binary (instead of apache2 binary). Nowadays, the Apache2 server can be considered installed when apache2ctl is present on a Debian system. + Avoid usage of full paths when testing for presence of executables. * debian/gosa.postrm: + Avoid usage of full paths when testing for presence of executables. * lintian: + Add two more false-positives (source-contains-prebuilt-javascript-object, source-is-missing for GOsa's own version of datepicker.js). -- Mike Gabriel Mon, 04 Jan 2016 23:33:10 +0100 gosa (2.7.4+reloaded2-5) unstable; urgency=medium * debian/patches: + Update 1016_allow-same-user-ids-as-adduser.patch. Fix typo. + Update 0003_xss-vulnerability-on-login-screen.patch. Fix a second place where $username should be sanitized by set_post() function. + Add 1020_ob-fixes.patch. Only run ob_end_clean() if there is something to clean. -- Mike Gabriel Mon, 19 Oct 2015 13:17:40 +0200 gosa (2.7.4+reloaded2-4) unstable; urgency=medium * debian/patches: + Improve 1007_gen-uids-like-gosa26.patch. Handle situations where attribute values are shorter than the minimal length required. Use the complete attribute's value then, if even not long enough. + Fix 1012_allow-one-level-domains-in-email-addresses.patch. Fix email template checks in tests::is_email(). Also, allow mail addresses starting with a single letter followed by a dot as second character (e.g., "m.gabriel"). + Add 1013_fix-smarty-gettext-tags-recognition.patch. Fix rendering of .tpl files that contain parameterized {t} blocks. + Add 1014_fix-description-of-new-prim-groups.patch. Fix obtaining givenName and sn from user object when creating its primary POSIX group. + Add 1015_allow-iso8601-date-format-in-user-API.patch. Allow writing ISO8601 conform date strings into the dateOfBirth field. + Add 1016_allow-same-user-ids-as-adduser.patch. If strictNamingRules is set to false in gosa.conf, allow the same UID naming rule as found in /usr/bin/adduser (as of Debian jessie/stretch). + Add 1017_get-ogroups-ou-fix.patch. Use correct GOsa² API call to obtain ogroupRDN string. + Add 1018_no-item-multiplication-on-duplicate-search-results.patch. Don't return items more than once when found during consecutive search queries. + Add 1019_fix-various-typos.patch. Fix various typos in the GOsa² code. * debian/gosa-apache.conf: + Drop FCGIWRapper option from FCGI related Apache2 config part. Fixes Apache2 startup failures when mod_fscgi is used with GOsa². * Debian Menu system: Drop debian/gosa.menu in favour of shipping our gosa-desktop.desktop file. (See tech-ctte resolution in #741573). * Debhelper compat: Bump to version 9. * debian/control: + Drop R (gosa): ${misc:Recommends}. -- Mike Gabriel Tue, 13 Oct 2015 16:19:33 +0200 gosa (2.7.4+reloaded2-3) unstable; urgency=medium * debian/patches: + Rename several patches (2005-2008 -> 1005-1008) to denote that they are relevant for upstream. + Add 1009_fix-insertDhcp-icon-in-dhcp-section-overview.patch. Fix label stripping in GOsa²'s image() function. This fixes displaying the insertDhcp* icon in the DHCP service plugin. (Closes: #794117). + Add 2005_allow-Debian-blends-to-override-gosa-conf.patch. Allow Debian blends to provide their own version of gosa.conf and not get bugged by GOsa's notification message on gosa.conf template changes. Debian blends using GOsa (e.g., Edu, LAN) must handle gosa.conf updates themselves. (Closes: #794118). + Add 0004_fix-get-post.patch. Fix transferral of POST variables. + Add 1010_fix-entry-removal-in-mail-plugin.patch. Fix entry deletion of items in "alternatives addresses" and "forward messages to non-group members" for group mail objects. (LP:#1307483). + Add 0005_fix-password-expiry-status.patch. Fix expiration status for passwords if shadowMax is used in POSIX/shadow accounts. + Add 1011_define-isPluginModified.patch. Fix undefined property error for non-defined usertags::$isPluginModified. (Closes: #794690). + Add 1012_allow-one-level-domains-in-email-addresses.patch. Allow one-level domains in email addresses (such as @intern, as used in Debian Edu by default). (Closes: #794738). debian/control: + Add C (gosa-plugin-mail): gosa-plugin-mailaddress. New package in Debian unstable providing a very light-weighted Mail configuration plugin für GOsa². -- Mike Gabriel Mon, 24 Aug 2015 15:15:14 +0200 gosa (2.7.4+reloaded2-2) unstable; urgency=medium * debian/patches: + Add 2007_gen-uids-like-gosa26.patch. Fix idGenerator for patterns like {%sn[3-6}-{%givenName[3-6]}. (Closes: #793455). + Add 2008_enable-csv-import-on-clean-installs.patch. Enable CSV / LDIF import on (non-Debian-Edu) clean GOsa² installations by default. (Closes: #782529) * debian/{control,*.install}: + Process with wrap-and-sort. * debian/control: + Bump Standards: to 3.9.6. No changes needed. * debian/copyright: + Really mention all files (plus various fixes). * debian/watch: + Provide as symlink to debian/watch.gosa-core to make uscan and DDPO happy. * lintian: + Drop debian-watch-file-is-missing override. This package version now provides a watch file. * debian/gosa-desktop.desktop: + Drop MimeType= key from .desktop file. Makes no sense without providing %f, %F, %u or %U for the Exec key. -- Mike Gabriel Fri, 24 Jul 2015 11:06:39 +0200 gosa (2.7.4+reloaded2-1) unstable; urgency=medium * Repack gosa src:package in order to drop several subtrees of the source code: - Smarty3 sources, - Smarty Gettext sources, - Liberation font, further fonts shipped with pChart, - Scriptaculous.js, - and upstream's debian/ packaging folder. * debian/README.multi-orig-tarball-package: + Grammar fix. * debian/gosa.postinst: + When activating gosa for lighttpd, create /etc/lighttpd/conf-enabled/ if it does not exist, yet. (Closes: #757558). * debian/control: + Make sure that all GOsa² component/plugin bin:packages match the exact version of the gosa bin:package. + Add D (gosa): smarty-gettext. + Add D (gosa): libjs-scriptaculous. * debian/rules: + Rework get-orig-source rule, remove embedded libraries from upstream source tree. + Stop shipping fonts with gosa src:package in Debian (via get-orig-source). + Use Debian's version of smarty-gettext (via symlink). + Use Debian's version of Scriptaculous.js and Prototype.js (via symlinks). + Improve readability. Add some comments. * debian/copyright: + Update file. + Update debian/copyright.in template. * lintian: + Drop override embedded-php-library for Smarty3. Not shipped in repacked sources anymore. + Drop override embedded-php-library for Scriptaculous.js and Prototype.js. Not shipped in repacked sources anymore. + Drop unused overrides. * debian/patches: + Add 1004_fix-typos-in-man-pages.patch. Fix several typos and hyphen-used-as-minus-sign issues in GOsa² man pages. + Update 0001_smarty3.patch. The sources of smarty-gettext are not shipped with Debian's gosa src:package anymore. + Improve trimming in 1002_trim-decrypt.patch. Obtained from latest password encryption/decryption tests with FusionDirectory. + Provide patch headers with Author: and Description: fields whereever possible. -- Mike Gabriel Mon, 11 Aug 2014 18:41:55 +0200 gosa (2.7.4+reloaded1-4) unstable; urgency=medium * debian/patches: + Add 0004_RequestHeader-no-underscores-apache24.patch. Since Apache2.4: Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. (Closes: #753419). -- Mike Gabriel Tue, 01 Jul 2014 20:40:05 +0200 gosa (2.7.4+reloaded1-3) unstable; urgency=medium * debian/patches: + Update patch naming scheme. See debian/patches/README. + Unify file name scheme in patch files. + Add 1002_trim_decrypt.patch. Fix decryption of LDAP master password (which previously got encrypted with gosa-encrypt-password). (Closes: #748065). + Add 0003_xss-vulnerability-on-login-screen.patch. Escape html entities to fix xss at the login screen. (Closes: #753388). -- Mike Gabriel Tue, 01 Jul 2014 14:19:45 +0200 gosa (2.7.4+reloaded1-2) unstable; urgency=low * debian/control: + Update Vcs-*: fields. Packaging has been moved to Alioth and is now Git based. + Bump Standards: to 3.9.5. Fixed DEP-5 compliancy of debian/copyright. * debian/copyright: + Make file DEP-5 compliant. + Add CDBS-autogenerated debian/copyright.in file for later reference. * debian/gosa.prerm: + Ignore those valid prerm options that nothing has to be done for. (Closes: #745045). * debian/gosa.postrm: + Handle apache2 config symlink removal and Apache2 restarts properly on package purging. (Closes: #744151). * debian/gosa.postinst: + Only create Apache2.2 symlinks if Apache2.4 conf-available folder is not present. * Remove obsolete packaging files for formerly embedded bin:package smarty3. * package scripts: Whitespace clean-up. Use tabs as indentations. -- Mike Gabriel Sun, 18 May 2014 22:44:32 +0200 gosa (2.7.4+reloaded1-1) unstable; urgency=low * New maintenance team: Debian Edu Packaging Team. * Use upstream tarballs as provided at http://oss.gonicus.de/pub/gosa/ instead of assembling them from SVN or other source. This makes tarballs checksum stable and allows us to plainly keep the debian/ folder in Vcs. * debian/rules: + Add get-orig-source sequence. + Symlink default theme's fonts against fonts in /usr/share/fonts/truetrype/liberation. + Install upstream Changelog into bin:packages. * debian/control: + Drop deprecated field DM-Upload-Allowed. + Break up Depends: field items into multiple lines (makes control file diffs easier to read). + Depend on fonts-liberation (rather than on transitional package ttf-liberation). (Closes: #722358). + Bin:package gosa: Alternatively depend on php5-mysqlnd or php-mysql. (Closes: #718857). + Bin:package gosa: Alternatively depend on libapache2-mod-php5, php5-cgi _or_ php5-fpm. (Closes: #718859). * debian/gosa-plugin-mail.install, debian/gosa-plugin-mail.: + Install conffiles to location where they are expected by the GOsa² WebGUI. Handle conffile moval in bin:package gracefully. (Closes: #714922). * debian/gosa.prerm: + Add file. Handle removal of symlinks created during postinst. (Closes: #715441). * debian/gosa.postinst: + Enable gosa-apache.conf appropriately with Apache2.4. Thanks to Andreas B. Mundt for providing the necessary patch. (Closes: #717743). * debian/source.lintian-overrides: + Override gosa source: debian-watch-file-is-missing. We actually have very many watch.* files (for each of the multiple orig tarballs). -- Mike Gabriel Tue, 01 Apr 2014 19:54:34 +0200 gosa (2.7.4-4.4) unstable; urgency=low * Non-maintainer upload. * debian/patches/sasl-password-change.patch: New patch, allows for changing user passwords as admin for sasl authentication method. (Closes: #698544) -- Michael Banck Mon, 02 Dec 2013 12:37:29 +0100 gosa (2.7.4-4.3) unstable; urgency=low * Non-maintainer upload. * debian/patches/fix-mass-ldapimport.patch: New patch, fixes LDAP mass import, by Giorgio Pioda and Petter Reinholdtsen. (Closes: #698840) -- Michael Banck Fri, 14 Jun 2013 10:59:37 +0200 gosa (2.7.4-4.2) unstable; urgency=low [ Jonathan Wiltshire ] * Non-maintainer upload. [ Vagrant Cascadian ] * debian/gosa.postinst, debian/gosa.postrm: Only restart apache2 or lighttpd when binary is present. (Closes: #699616) -- Jonathan Wiltshire Thu, 07 Feb 2013 20:28:29 +0000 gosa (2.7.4-4.1) unstable; urgency=low * Non-maintainer upload. * debian/gosa.postinst: add a guard around a2enmod for when gosa is installed without Apache2 (Closes: #698635) -- Jonathan Wiltshire Sun, 27 Jan 2013 14:15:17 +0000 gosa (2.7.4-4) unstable; urgency=low * New smarty3 package fixes problems with template loading. This release removes the workarounds for that issue. -- Cajus Pollmeier Tue, 19 Jun 2012 09:36:39 +0200 gosa (2.7.4-3) unstable; urgency=low * Reverted Apache2 transition because it has been aborted. Closes: #674357. * Checked if the package runs with debian packaged smarty 3.1.x. Closes: #672398. -- Cajus Pollmeier Mon, 18 Jun 2012 14:29:03 +0200 gosa (2.7.4-2) unstable; urgency=low * More robustness for the postinst scripts. Closes: #673168. * Hide duplicate message of update-gosa. -- Cajus Pollmeier Thu, 17 May 2012 20:29:09 +0200 gosa (2.7.4-1) unstable; urgency=low * New upstream release * Apache2 transition to 2.4 (Closes: #669852) * Corrected dependency of the netatalk plugin (Closes: #606980) * Corrected dependency for deprecated Switch library (Closes: #629336) * Made user id editable when applying templates (Closes: #629446) * Added a conflict for no longer supported plugins (Closes: #608918, #608920) -- Cajus Pollmeier Mon, 23 Apr 2012 10:54:39 +0200 gosa (2.7.3-2) unstable; urgency=low * Fixed purge in postrm script (Closes: #664852) * Brazilian Portuguese debconf templates translation (Closes: #662178) -- Cajus Pollmeier Thu, 22 Mar 2012 13:58:59 +0100 gosa (2.7.3-1) unstable; urgency=low * New upstream release * Maintain DHCP information correctly (Closes: #650258) -- Cajus Pollmeier Mon, 23 Jan 2012 09:07:40 +0100 gosa (2.7.2-1) unstable; urgency=low * New upstream release * Added danish template translation (Closes: #628223) * Removed extra spurious Czech translation file (Closes: #624209) * Upstream has followed the whishlist bug (Closes: #629315) * Fixed an incorrect warning issue (Closes: #629318) -- Cajus Pollmeier Tue, 25 Oct 2011 13:48:03 +0200 gosa (2.7.1-2) unstable; urgency=low * Updated debconf translation (Closes: #624209) -- Cajus Pollmeier Wed, 27 Apr 2011 08:32:00 +0200 gosa (2.7.1-1) unstable; urgency=low * New upstream release * Updated packaging to not include smarty (Closes: #620489) * Fixed case of POSIX (Closes: #620486) -- Cajus Pollmeier Mon, 04 Oct 2010 10:45:44 +0200 gosa (2.6.11-1) unstable; urgency=low * Samba schema file is incompatible with Samba shipped with lenny (Closes: #582899) * package explicitly depends on preform MPM (Closes: #591043) * default config refers to missing FCGIWrapper (Closes: #591046) -- Benoit Mortier Fri, 13 Aug 2010 11:00:29 +0200 gosa (2.6.10-2) unstable; urgency=low * Removed faulty patch due to 3.0 source conversion * Prevented /usr/share/doc/gosa.conf to be compressed to make setup configuration file saving work again -- Benoit Mortier Tue, 27 Jul 2010 18:49:07 +0200 gosa (2.6.10-1) unstable; urgency=low [ Cajus Pollmeier ] * New upstream release [ Benoit Mortier ] * Switch to dpkg-source 3.0 (quilt) format * gosa fails with: "Fatal error: Call to undefined function print_array() (Closes: #573220) * GOSa fails to add IP and MAC addresses to samba created hosts (Closes: #582896) -- Benoit Mortier Tue, 20 Jul 2010 12:48:02 +0200 gosa (2.6.9-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Mon, 15 Mar 2010 11:28:48 +0100 gosa (2.6.8-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Mon, 15 Feb 2010 14:19:14 +0100 gosa (2.6.7-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Wed, 27 Jan 2010 21:53:12 +0100 gosa (2.6.6-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Mon, 05 Oct 2009 15:03:41 +0200 gosa (2.6.5-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Wed, 25 Feb 2009 13:36:18 +0100 gosa (2.6.4-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Fri, 06 Feb 2009 11:35:38 +0100 gosa (2.6.3-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Thu, 15 Jan 2009 11:43:15 +0100 gosa (2.6.2-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Fri, 19 Dec 2008 09:51:32 +0100 gosa (2.6.1-1) unstable; urgency=low * New upstream release -- Cajus Pollmeier Mon, 07 Apr 2008 11:18:53 +0200