spip (4.3.0~beta+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.6.1 * build: version 4.3.0-beta [ David Prévot ] * Update mutualisation to 1.5.0 * d/control: Drop default branch from Vcs-Git -- David Prévot Sat, 20 Jul 2024 13:25:45 +0900 spip (4.3.0~alpha.2+dfsg-1) experimental; urgency=medium [ Cerdic ] * feat: une fonction `attribut_url()` pour formatter une URL qui doit être utilisée dans un attribut html * fix: utiliser la fonction attribut_url() pour insérer une url dans un lien html [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.16.0 * build: version 4.3.0-alpha2 [ RastaPopoulos ] * fix: surcharge la fonction `propre()` pour pouvoir l'appliquer sans erreur dans les squelettes -- David Prévot Fri, 31 May 2024 08:08:12 +0200 spip (4.3.0~alpha+dfsg-1) experimental; urgency=medium * Upload alpha to experimental [ Matthieu Marcillaud ] * build: version 4.3.0-alpha [ David Prévot ] * Update copyright -- David Prévot Thu, 09 May 2024 19:20:58 +0200 spip (4.2.12+dfsg-1) unstable; urgency=medium [ jluc ] * fix: Sur `email_valide`, éviter une regexp s'il n'y a rien à tester [ Matthieu Marcillaud ] * build: version 4.2.12 [ Cerdic ] * fix: ne pas interrompre la chaine de calcul des autorisations quand on appel autoriser() avec un id_auteur=0 ou inexistant * fix: ne pas provoquer une fatale quand on essaye de securiser une action qui a été appelée sans arg ni hash [ nicod_ ] * fix: Une seule requête plus fiable pour tester l'unicité de l'email * fix: Passer #debug-nav par dessus #spip-debug [ JamesRezo ] * feat: dépréciation formulaire_recherche() [ b_b ] * fix: éviter un débordement du contenu des explications dans les formulaires de l'espace privé * fix: lors de la génération d'un nouveau mot de passe pour un auteur, ne pas envoyer d'email si SPIP n'a pas pu le modifier * fix: supprimer le DOCTYPE et les commentaires des SVG dans le filtre `balise_svg` [ touti ] * fix: éviter que les identifiants se retrouvent sur deux lignes -- David Prévot Wed, 08 May 2024 09:33:54 +0200 spip (4.2.11+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version SPIP 4.2.11 [ JamesRezo ] * feat: PHP maxi 8.3 [ David Prévot ] * debian/rules: Fix get-orig-source * debian/control: Update Standards-Version to 4.7.0 -- David Prévot Wed, 10 Apr 2024 08:00:15 +0200 spip (4.2.10+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * fix: Affichage de Minipres avec des contenus imprévus (warnings php par exemple) * build: Version SPIP 4.2.10 [ jluc ] * fix: Ne pas relancer par mail la validation de l'inscription des auteurs sans mail [ Cerdic ] * fix: Éviter une fuite mémoire dans `generer_objet_info()`. [ nicod ] * fix: ne pas réduire les icones en largeur en mode horizontal [ David Prévot ] * Adapt get-orig-source to Gitlab hosting * Force system dependencies loading -- David Prévot Sat, 09 Mar 2024 16:39:54 +0100 spip (4.2.9+dfsg-2) unstable; urgency=medium * Upload compatible version with PHP 8.2 to unstable * Relax versioned dependency -- David Prévot Mon, 04 Mar 2024 22:21:40 +0100 spip (4.2.9+dfsg-1) experimental; urgency=medium [ JLuc ] * fix: `identifiant_slug()` peut avoir un séparateur vide * fix: toujours loger une erreur de squelette [ Matthieu Marcillaud ] * fix: Éviter une fatale SQL lors de l’optimisation de liens avec des objets éditoriaux qui ne sont plus déclarés * fix: Tolérer un zéro dans l’analyse de certains critères `{critere 0,5}` * build: Version SPIP 4.2.9 [ Cerdic ] * fix: ne pas oublier de déclarer les balise générique comme 'balise_calculee' pour éviter son échappement dans les boucles (DATA) -- David Prévot Fri, 09 Feb 2024 10:10:08 +0100 spip (4.2.8+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: version 4.2.8 Fixes XSS in uploaded files using bigup -- David Prévot Fri, 12 Jan 2024 13:25:02 +0100 spip (4.2.7+dfsg-1) experimental; urgency=medium [ nicod_ ] * fix: boutons de gestion du logo en btn_mini et supprimer en btn_secondaire [ Maïeul Rouquette ] * fix: lors d'une institution, passer l'objet aux pipelines `pre_edition` et `post_editon` * fix(#5752): formulaire multiétapes: si tout est bien passé, recommencer à zéro et pas à la dernière étape [ Matthieu Marcillaud ] * fix: Traitement identique du paramètre type dans `autoriser_exception` et `autoriser` * build: version 4.2.7 [ RealET ] * fix: un warning PHP avec var_profile=1 [ placido ] * fix : erreur d'exécution en cas (tordu) d'appel sur image manquante [ Cerdic ] * fix: si on installe un SPIP neuf sur une base sans champ backup_cles on ne peut pas créer de compte webmestre car on ne peut pas initialiser son mot de passe, la requete update echouant * fix(ux): ne pas avoir un bouton 'annuler le job' qui ressemble à un bouton 'fermer la notification' + une classe en trop * fix: si la lecture d'un stream ne trig jamais feof, se fier à fread()===false + reduire le timeout pour eviter de degrader trop les perf * fix: un nom plus long pour les caches d'image distant pour eviter les collisions, tout en renommant les anciens cache à la volée pour eviter de doublonner les caches * fix: quand le texte passe par echapper_html_suspect() il ne faut pas perdre le contexte des modèles * fix: les modèles insérés dans un texte héritent automatiquement du contexte, a l'insu des redacteurs. Securiser ce qui proviendrait de variables envoyées par l'utilisateur [ tofulm ] * Fix: Évite une fatal error en php 8.2 sur `objet_inserer` et `article_inserer` [ David Prévot ] * Update mutualisation to 1.4.13 -- David Prévot Thu, 21 Dec 2023 22:15:54 +0100 spip (4.2.6+dfsg-1) experimental; urgency=medium [ Maïeul Rouquette ] * fix(5725): Lorsque l'on appelle plus de 10 fois un modèle inexistant, ne pas bloquer les appels qui suivent. [ RastaPopoulos ] * fix(5723): corriger le renseignement des JPG où parfois ça mettait jpeg au lieu de jpg et donc empêchait leur prise en compte. [ Matthieu Marcillaud ] * fix: Éviter une erreur Sodium sur la migration vers SPIP 4.2 si des jetons d’auteurs sont présents * build: Version SPIP 4.2.6 -- David Prévot Fri, 06 Oct 2023 07:59:56 +0200 spip (4.2.5+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: Version SPIP 4.2.5 [ David Prévot ] * Update mutualisation to 1.4.12 -- David Prévot Sun, 03 Sep 2023 23:38:05 +0530 spip (4.2.4+dfsg-1) experimental; urgency=medium [ Cerdic ] * security: Utiliser une fonction dédiée pour nettoyer les données d’auteur lors de la préparation d’une session [ Matthieu Marcillaud ] * build: Version 4.2.4 -- David Prévot Sat, 08 Jul 2023 20:09:50 +0200 spip (4.2.3+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: Up écran de sécu en 1.5.3 * build: Version 4.2.3 [ David Prévot ] * Build-depend on php-symfony-deprecation-contracts -- David Prévot Thu, 08 Jun 2023 08:07:56 +0200 spip (4.2.2+dfsg-1) experimental; urgency=medium * Upload to experimental during the freeze [ Matthieu Marcillaud ] * build: Version SPIP 4.2.2 [ David Prévot ] * Install upstream README * Update copyright * Update mutualisation to 1.4.11 * Update dependencies wrt composer.json * Build JavaScript Load Image from source * Provide homemade autoload.php [ Guilhem Moulin ] * Add d/salsa-ci.yml for Salsa CI. -- David Prévot Thu, 25 May 2023 14:23:52 +0200 spip (4.1.7+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version 4.1.7 [ David Prévot ] * Update lintian override info format in d/source/lintian-overrides. * Update standards version to 4.6.2, no changes needed. -- David Prévot Sat, 14 Jan 2023 12:24:58 +0100 spip (4.1.5+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version 4.1.5 [ David Prévot ] * Update mutualisation to 1.4.10 -- David Prévot Fri, 22 Jul 2022 08:21:53 +0200 spip (4.1.2+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 4.1.2 [ David Prévot ] * Update mutualisation to 1.4.9 * debian/rules: Don’t ship any .md file -- David Prévot Mon, 23 May 2022 21:44:51 +0200 spip (4.1.1+dfsg-1) unstable; urgency=medium * Upload release to unstable [ Matthieu Marcillaud ] * Version 4.1.1 -- David Prévot Wed, 13 Apr 2022 09:25:47 +0200 spip (4.1.0~rc+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * Version 4.1.0-rc [ David Prévot ] * Adapt packaging to removed files -- David Prévot Sat, 05 Mar 2022 17:55:33 +0100 spip (4.1.0~beta+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * Version 4.1.0-beta -- David Prévot Sat, 19 Feb 2022 10:46:26 -0400 spip (4.1.0~alpha+dfsg-1) experimental; urgency=medium * Upload alpha to experimental [ Matthieu Marcillaud ] * Version 4.1.0-alpha [ David Prévot ] * Track dev versions * Don’t ship test data * Drop php-pclzip dependency * Use libjs-jquery-jstree * Update copyright * Use shipped version of php-xml-htmlsax3 -- David Prévot Sat, 12 Feb 2022 11:34:15 -0400 spip (4.0.4-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 4.0.4 [ b_b ] * bien verifier le droit de modifier le login dans le formulaire_editer_auteur [ David Prévot ] * Revert "Use libjs-sortable" -- David Prévot Sat, 05 Feb 2022 09:45:17 -0400 spip (4.0.2-1) unstable; urgency=medium * Upload version compatible with PHP 8 to unstable [ Matthieu Marcillaud ] * Version 4.0.2 -- David Prévot Tue, 25 Jan 2022 18:18:01 -0400 spip (4.0.1-1) experimental; urgency=medium * Upload new major version to experimental [ Matthieu Marcillaud ] * Version 4.0.1 * PHP 8 compat (Closes: #977340) [ David Prévot ] * Revert "Track version 3 for now" * Factorize minification * Don’t ship: - vcs-control-file, - composer, phpcs, phpstan files, - icones sources * Drop dependencies: - libjs-jquery-ui - libjs-jquery-colorbox - libjs-jquery-flot - libjs-jquery-migrate-1 - libjs-excanvas - libjs-moment * Add dependencies: - libjs-twitter-bootstrap-datepicker - libjs-sortable - libjs-prefix-free * Update js.cookie.js path * Update copyright -- David Prévot Fri, 24 Dec 2021 16:36:42 -0400 spip (3.2.12-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 3.2.12 [ David Prévot ] * Track version 3 for now * Update copyright (years) * Update standards version to 4.6.0, no changes needed. * Drop misplaced changelog -- David Prévot Tue, 14 Dec 2021 11:47:02 -0400 spip (3.2.11-3) unstable; urgency=medium * Adapt symlink to changed path in latest node-js-cookie. Thanks to Andreas Beckmann (Closes: #988853) -- David Prévot Fri, 21 May 2021 11:14:54 -0400 spip (3.2.11-2) unstable; urgency=medium * Upload to unstable with the Release Team approval * Update debian/copyright -- David Prévot Fri, 26 Mar 2021 15:37:27 -0400 spip (3.2.11-1) experimental; urgency=medium * Upload to experimental during the freeze [ Matthieu Marcillaud ] * Compat PHP 7.4 * Version SPIP 3.2.11 [ David Prévot ] * Refresh patches header -- David Prévot Fri, 26 Mar 2021 13:45:07 -0400 spip (3.2.9-1) unstable; urgency=medium * Critical security fixes, allowing identified authors to execute arbitrary PHP code, and XSS [ Matthieu Marcillaud ] * Version 3.2.9 [ David Prévot ] * Update mutualisation to 1.4.7 * Simplify gbp import-orig -- David Prévot Fri, 12 Feb 2021 14:33:59 -0400 spip (3.2.8-2) unstable; urgency=medium * Document CVE IDs in previous changelog entries * Use minify instead of uglifyjs (Closes: #979960) * Update watch file format version to 4. * Update Standards-Version to 4.5.1 * Drop d/lintian-overrides, syntax changed -- David Prévot Tue, 12 Jan 2021 09:11:37 -0400 spip (3.2.8-1) unstable; urgency=medium * Critical security fix, allowing identified authors to execute arbitrary PHP code [CVE-2020-28984] [ Matthieu Marcillaud ] * Version 3.2.8 [ David Prévot ] * Allow Apache to access some directories in /var/lib/spip/sites/ Thanks to Vincent * Rename main branch to debian/latest (DEP-14) * debian/watch: Adapt to lowercase spip * debian/control: - Set Rules-Requires-Root: no. - Update standards version to 4.5.0, no changes needed - Use debhelper-compat 13 * debian/rules: - Simplify dh_link override - Adapt get-orig-source to Git source * debian/mutualisation: - Update mutualisation as of r125427 - Update mutualisation to Git source * debian/upstream/metadata: - Set upstream metadata fields: Bug-Database, Bug-Submit. - Fix URLs * debian/copyright: - Update Source - Update years -- David Prévot Tue, 29 Sep 2020 17:03:05 -0400 spip (3.2.7-1) unstable; urgency=medium * Critical security fix, allowing identified authors to inject content into database [CVE-2019-19830] [ ben.spip@gmail.com ] * SPIP 3.2.7 [ David Prévot ] * Add CVE ID to previous changelog entry * Update standards version to 4.4.1, no changes needed. * Set upstream metadata fields: Repository, Repository-Browse. -- David Prévot Thu, 12 Dec 2019 10:02:58 -1000 spip (3.2.5-1) unstable; urgency=medium * Critical security fix, allowing unidentified visitor to modify any published content and execute other modifications in database [CVE-2019-16391] * Other security fixes: - better sanitization on redirections [CVE-2019-16393] - don’t disclose if user exists when resetting password [CVE-2019-16394] - better error message sanitization on login page [CVE-2019-16392] [ ben.spip@gmail.com ] * SPIP 3.2.5 [ David Prévot ] * Add CVE ID to previous changelog entry * Refresh patch headers * Update standards version, no changes needed. * Fix manpage section -- David Prévot Mon, 16 Sep 2019 09:01:57 -1000 spip (3.2.4-1) unstable; urgency=medium * Critical security fix allowing arbitrary code execution to any identified visitor [CVE-2019-11071] (Closes: #926764) [ ben.spip@gmail.com ] * SPIP 3.2.4 -- David Prévot Wed, 10 Apr 2019 14:21:19 +0900 spip (3.2.3-1) unstable; urgency=medium [ ben.spip@gmail.com ] * SPIP 3.2.3 tag spip [ David Prévot ] * Update mutualisation to 1.4.5 * Update copyright * Use debhelper-compat 12 * Update Standards-Version to 4.3.0 -- David Prévot Thu, 24 Jan 2019 11:27:02 -1000 spip (3.2.1-1) unstable; urgency=medium [ David Prévot ] * New upstream version * Use priority optional * Update mutualisation to 1.4.4 * Drop dead list from Maintainer (and Romain from Uploaders) Closes: #899895 * Move project repository to salsa.d.o * Use https whenever possible in debian/ * Use debhelper-compat 11 * Update Standards-Version to 4.2.1 * Depend on - libjs-jquery-migrate-1 - libjs-moment - node-js-cookie instead of libjs-jquery-cookie - php-xml (split from php) * Recommend default-mysql-server instead of mysql-server (Closes: #848450) * Use shipped in version of php-html-safe * Get rid of Cherokee configuration * Use dh-apache2 to handle the default webserver configuration * Drop old symlink conversions * Update copyright * Update minimisation * Use rewrite for multisite * Make chown non-recursive in postinst * Drop trailing whitespace in changelog -- David Prévot Wed, 28 Nov 2018 16:37:40 -1000 spip (3.1.4-2) unstable; urgency=medium * Fix broken symlink with recent libjs-jquery-ui. Thanks to Andreas Beckman (Closes: #857818) * Backport security fixes from 3.2-alpha-1 - Reflected Cross Site Scripting Vulnerabilities in /ecrire/exec/puce_statut.php and /ecrire/exec/info_plugin.php [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Remove incorrect statement that those security issues had been fixed from the previous changelog entry * Remove incorrect execution bit for ecrire/inc/idna_convert.class.php -- David Prévot Wed, 26 Apr 2017 20:51:45 -1000 spip (3.1.4-1) unstable; urgency=high [ Adriano Rafael Gomes ] * Add Brazilian Portuguese debconf templates translation (Closes: #829339) [ David Prévot ] * New upstream version 3.1.4, with security fix: - Arbitrary PHP execution code * Update mutualisation to 1.3.5 * Update copyright -- David Prévot Sat, 11 Mar 2017 08:24:16 -1000 spip (3.1.3-1) unstable; urgency=high * Upload stable 3.1 branch to unstable for Stretch * Document CVE in previous changelog entry * New upstream version 3.1.2, with non-critical XSS security fixes * New upstream version 3.1.3, with security fixes: - Exec Code Cross-Site Request Forgery [CVE-2016-7980] - Reflected Cross-Site Scripting [CVE-2016-7981] - File Enumeration / Path Traversal [CVE-2016-7982] - Template Compiler/Composer PHP Code Execution [CVE-2016-7998] - Server Side Request Forgery [CVE-2016-7999] * Refresh mutualisation as of r99658 * Update Standards-Version to 3.9.8 -- David Prévot Thu, 13 Oct 2016 07:33:27 -1000 spip (3.1.1-1) experimental; urgency=high * Imported Upstream version 3.1.1, with security fixes: - PHP code injection [CVE-2016-3153] - Objects injection via unserialize [CVE-2016-3154] * Update mutualisation to 1.2.8 * Depend on php-* instead of php5-* for the php 7.0 transition * Update copyright * Update Standards-Version to 3.9.7 -- David Prévot Thu, 10 Mar 2016 21:24:26 -0400 spip (3.1.0-1) experimental; urgency=medium * Imported Upstream version 3.1 * Refresh mutualisation as of r94388 * Update copyright (years) -- David Prévot Sun, 10 Jan 2016 11:46:47 -0400 spip (3.1.0~rc3-1) experimental; urgency=medium * Imported Upstream version 3.1.0~rc3 -- David Prévot Thu, 10 Dec 2015 14:56:29 -0400 spip (3.1.0~rc-1) experimental; urgency=medium * Imported Upstream version 3.1.0~rc * Update mutualisation to 1.2.6 * Update packaging to embedded jstree * Update copyright * Update watch URL -- David Prévot Sun, 01 Nov 2015 17:37:36 -0400 spip (3.1.0~beta1-1) experimental; urgency=medium [ erational@erational.org ] * remplacement des http://doc.spip.org par http://code.spip.net (Francky) * passage du copyright en 2015 [ David Prévot ] * Use embedded partial copy of w3c-dtd-xhtml (Closes: #787179) * Update mutualisation to 1.2.5 * Update copyright -- David Prévot Wed, 24 Jun 2015 09:11:00 -0400 spip (3.1.0~beta-1) experimental; urgency=medium * Imported Upstream version 3.1.0~beta * Update mutualisation to 1.2.3 * Document upstream VCS * Update copyright * Minify new JavaScript file at build time -- David Prévot Sun, 10 May 2015 22:25:29 -0400 spip (3.1.0~alpha-1) experimental; urgency=medium * Adapt watch file for alpha * Update mutualisation to 85970 (doc URL changed) * Imported Upstream version 3.1.0~alpha -- David Prévot Tue, 11 Nov 2014 09:16:20 -0400 spip (3.1~21775-1) experimental; urgency=medium [ Frans Spiesschaert ] * Add Dutch translation of debconf messages (Closes: #766642) [ David Prévot ] * Bump standards version to 3.9.6 * Exclude sourceless Flash and Silverlight files * Imported Upstream version 3.1~21775 * Update copyright * Update compressed JavaScript files * Update symlinks * Use libjs-mediaelement and php-getid3 instead of embedded copy -- David Prévot Tue, 04 Nov 2014 15:10:55 -0400 spip (3.1~21533-1) experimental; urgency=medium * Simplify install * Fix faulty symlinks * Imported Upstream version 3.1~21533 -- David Prévot Tue, 26 Aug 2014 12:09:32 -0400 spip (3.1~21513-1) experimental; urgency=medium * Imported Upstream version 3.1~21513 -- David Prévot Wed, 13 Aug 2014 12:09:11 -0400 spip (3.1~21458-1) experimental; urgency=medium * Imported Upstream version 3.1~21458 * Update copyright * Update jQuery UI internal path -- David Prévot Wed, 30 Jul 2014 13:57:23 -0400 spip (3.1~21406-1) experimental; urgency=medium * Imported Upstream version 3.1~21406 * Revert "Document repack": fixed upstream -- David Prévot Mon, 16 Jun 2014 19:43:19 -0400 spip (3.1~21361+dfsg-1) experimental; urgency=medium * Use Files-Excluded feature instead of d/repack.sh * Imported Upstream version 3.1~21361 * Strip away copyrighted ICC profiles * Document repack -- David Prévot Mon, 12 May 2014 21:58:49 -0400 spip (3.1~21294-1) experimental; urgency=medium * Imported Upstream version 3.1~21294 * Reorder rules * Depend on php-pclzip instead of libphp-pclzip -- David Prévot Sat, 10 May 2014 11:47:45 -0400 spip (3.1~21281-1) experimental; urgency=medium * Update mutualisation to 1.2.2 * Update copyright years * Imported Upstream version 3.1~21281 -- David Prévot Wed, 19 Mar 2014 14:45:36 -0400 spip (3.1~21175-1) experimental; urgency=medium * Document fixed security issue in 3.0.13 * Imported Upstream version 3.1~21175 -- David Prévot Tue, 11 Feb 2014 16:14:24 -0400 spip (3.1~21100-1) experimental; urgency=medium * Update mutualisation (PHP < 5.3 compat) * Imported Upstream version 3.1~21100 * Update copyright years -- David Prévot Sat, 11 Jan 2014 16:07:38 -0400 spip (3.1~21086-1) experimental; urgency=medium * Imported Upstream version 3.1~21086 -- David Prévot Wed, 25 Dec 2013 15:48:44 -0400 spip (3.1~20970-1) experimental; urgency=low * Update repack.sh for 3.1 * Imported Upstream version 3.1~20970 * Remove libjs-ie7 dependency: plugins-dist/msie_compat is not shipped anymore * Use libjs-jquery-colorbox back: the embedded version has been updated * Update packaging to 3.1 branch * Refresh patches * Factorize copyright -- David Prévot Sat, 16 Nov 2013 10:16:10 -0400 spip (3.0.13-1) unstable; urgency=low * Upload to unstable: Jessie will not be released with 2.1 * Document CVE in previous changelog entries * Imported Upstream version 3.0.13: - Fix XSS on signature from author [CVE-2013-7303] (Closes: #736170) -- David Prévot Tue, 12 Nov 2013 13:29:59 -0400 spip (3.0.12-1) experimental; urgency=low * Imported Upstream version 3.0.12 (Closes: #729172): - Fix XSS on author page [CVE-2013-4556] * Update security screen to 1.1.8: - Avoid PHP injection in $connect [CVE-2013-4557] * Use embedded jQuery ColorBox outdated version: The current code actually depend on this version, and it doesn’t work well with the version from the Debian package * Recommend php5-sqlite, needed for DB export * Handle patch set with gbp pq * Update mutualisation’s translations * Bump standards version to 3.9.5 * Use uglifyjs instead of yui-compressor * Remove now useless README.source -- David Prévot Sat, 09 Nov 2013 15:42:46 -0400 spip (3.0.11-1) experimental; urgency=low * Imported Upstream version 3.0.11 * Update mutualisation’s copyright -- David Prévot Fri, 09 Aug 2013 22:45:09 +0200 spip (3.0.10-2) experimental; urgency=low * libjs-flot has been renamed into libjs-jquery-flot * Transition towards apache 2.4 (Closes: #669794) * Make symlinks relative (Policy 10.5) * Enable /spip alias by default * Make multisite.php PHP 5.5 compatible * Refer to Apache-2.0 from /usr/share/common-licenses * Update mutualisation to 1.2.1 -- David Prévot Wed, 17 Jul 2013 18:04:10 -0400 spip (3.0.10-1) experimental; urgency=low * Imported Upstream version 3.0.10: - Fix CSRF on logout [CVE-2013-4555] * Document CVE in previous changelog entry -- David Prévot Mon, 27 May 2013 15:46:39 -0400 spip (3.0.9-1) experimental; urgency=low * New upstream version: fix privilege escalation (Closes: #709674) [CVE-2013-2118] * Minify new prive/javascript/login-sha-min.js at build time -- David Prévot Fri, 24 May 2013 22:25:48 -0400 spip (3.0.8-1) experimental; urgency=low * New major upstream version * The web server should point to /usr/share/spip instead of /var/lib/spip * security screen now part of upstream tarball * extensions has moved into plugins-dist * squelettes-dist now installed in /usr/share/spip * debian/control: - Depends on libjs-excanvas, libjs-ie7, libjs-flot, libjs-jquery-colorbox, libjs-jquery-ui, libphp-pclzip, php-xml-htmlsax3, and w3c-dtd-xhtml - Build-Depends on yui-compressor * debian/rules: - Delete new unneeded files - Delete embedded copies and symlink to the new dependencies - Minify JavaScript files - Make dh_fixperms a bit more aggressive * debian/copyright: Update * debian/links, debian/repack.sh: - Adapt to safehtml move - Delete sourceless files from ie7-js * debian/patches/: Refresh patches * debian/examples: Move mutualisation/outils to examples * debian/README.source: - Renamed from debian/README.Debian-source - Document get-orig-source target ie7-js removal -- David Prévot Tue, 07 May 2013 14:55:09 -0400 spip (2.1.21-1) unstable; urgency=low * New upstream version: various minor bugs fixed * debian/control: - Vcs-Git and Vcs-Browser updated to the Git repository - Bump standards to 3.9.4 * debian/patches/: Refresh patches * debian/templates: Remove mention of old apache and apache-ssl -- David Prévot Tue, 07 May 2013 13:21:53 -0400 spip (2.1.20-1) experimental; urgency=low * New upstream version: various minor bugs fixed * debian/repack.sh: Automatise repack * debian/copyright: Update year * debian/patches/dont_display_next_version.patch: Refresh patch * debian/patches/fix_displayed_version.patch, debian/rules: Improve version substitution * Update security screen file to 1.1.5 -- David Prévot Tue, 02 Apr 2013 15:13:52 -0400 spip (2.1.19-1) experimental; urgency=low * New upstream version: - #PARAMETRE_FORUM fix; - various partial backup fixes; - 42 new document types; - array shortcut bug fix. * Update security screen file to 1.1.4. * Update mutualisation to r67950. * Remove now useless preinst. -- David Prévot Mon, 26 Nov 2012 21:13:40 -0400 spip (2.1.17-1) unstable; urgency=low * New upstream version, fixes base disclosure (Closes: #683667). -- David Prévot Thu, 02 Aug 2012 12:34:29 -0400 spip (2.1.16-1) unstable; urgency=high * New upstream version: - fixes PHP injection (Closes: #680118); - fixes growing session directory; - fixes PHP 5.4 compatibility. * Update security screen file to 1.1.3. -- David Prévot Wed, 04 Jul 2012 08:42:01 -0400 spip (2.1.15-1) unstable; urgency=high * New upstream version, fixes cross site scripting. Closes: #677290 * Update security screen file to 1.1.2. -- David Prévot Tue, 12 Jun 2012 19:16:49 -0400 spip (2.1.14-2) unstable; urgency=low * Don't display next upstream version in the private interface. * Make the copyright compliant to format 1.0. -- David Prévot Wed, 06 Jun 2012 17:04:42 -0400 spip (2.1.14-1) unstable; urgency=low * New upstream version, fixes cross site scripting. Closes: #672961 * Update security screen file to 1.1.0. * Add CVE number to previous entry (#671264 related). -- David Prévot Mon, 14 May 2012 21:12:03 -0400 spip (2.1.13-1) unstable; urgency=high * New upstream version, fixes cross site scripting. [CVE-2012-2151] Closes: #670110 * Fix path in README. Closes: #651157 * Document more installation steps (partially address: #612467). * Add DEP-3 compliant headers. * Fix displayed version in the private interface. * Bumped standards to 3.9.3. * Update copyright. * Move more links from debian/rules to debian/links. * Update security screen file to 1.0.10. * Update mutualisation. -- David Prévot Sun, 22 Apr 2012 22:02:42 -0400 spip (2.1.12-1) unstable; urgency=high * New upstream release, fixes privilege escalation and cross site scripting. Closes: #649113 * Add self as uploader. * Bumped standards to 3.9.2. * Depend on and use fonts-dustin, libjs-jquery-cookie and libjs-jquery-form instead of shipped ones. * Use dh 7. * Update security screen file to 1.0.6. -- David Prévot Thu, 17 Nov 2011 17:53:48 -0400 spip (2.1.11-0.1) unstable; urgency=low * Non-maintainer upload. [ Romain Beauxis ] * New upstream release. Closes: #646758 * Switch to dpkg-source 3.0 (quilt) format. [ David Prévot ] * Add Vcs-* control fields. * Added da.po debconf translation, thanks to Joe Hansen. Closes: #623103 -- David Prévot Wed, 26 Oct 2011 18:14:12 -0400 spip (2.1.1-3) unstable; urgency=high * Added security screen file (ecran_securite.php). Fixes all known security issues in spip. Closes: #609212, Closes: #610016 -- Romain Beauxis Tue, 18 Jan 2011 14:01:35 -0600 spip (2.1.1-2) unstable; urgency=high * Added patch to fix int overflow in articles' published date. Thanks to David Prévot for reporting. Closes: #597026 -- Romain Beauxis Sat, 18 Sep 2010 15:08:53 -0500 spip (2.1.1-1) unstable; urgency=low * New upstream release. * Bumped standards to 3.9.0 -- Romain Beauxis Tue, 03 Aug 2010 15:29:14 -0500 spip (2.1-6) unstable; urgency=low * There is no need to add a link to common/ in each site's plugin directory. -- Romain Beauxis Wed, 23 Jun 2010 02:03:09 +0200 spip (2.1-5) unstable; urgency=high * Added es.po debconf translation, thanks to Ricardo Fraile. Closes: #580617 * Fixed safehtml class instantiation to use the packaged one. This issue lead to failures so setting priority to high to propagate quickly. -- Romain Beauxis Sat, 05 Jun 2010 22:25:18 -0500 spip (2.1-4) unstable; urgency=low * Added a themes/ directory to install optional themes. * Removed special chmod.php file not needed after the changes in the previous upload. * Now multisite can be defined using regexp. * Install missing extensions/ * Added debian/watch. -- Romain Beauxis Tue, 04 May 2010 11:05:59 -0500 spip (2.1-3) unstable; urgency=low * Fixed default rights for created directories and files. * Fixed default directory for automatically installed plugins. * Enabled short images option by default. -- Romain Beauxis Thu, 29 Apr 2010 17:47:04 -0500 spip (2.1-2) unstable; urgency=low * Fixed plugins and mutualisation: the variable _DIR_PLUGINS in mes_options.php is now called _DIR_PLUGINS_SUPPL * Fixed url_img_courtes. Thanks to David Prévot for reporting and proposing a patch. Closes: #577274 -- Romain Beauxis Fri, 16 Apr 2010 17:14:11 -0500 spip (2.1-1) experimental; urgency=low * New upstream release. * Removed safehtml patch, replaced by a symlink. * Bumped standards to 3.8.4 * There is a bug with the mutualisation and the plugins so uploading to experimental for now.. -- Romain Beauxis Mon, 12 Apr 2010 02:44:56 +0200 spip (2.0.10-1) unstable; urgency=low * New upstream release. * Bumped standards version to 3.8.3 -- Romain Beauxis Thu, 05 Nov 2009 16:08:03 -0600 spip (2.0.9-1) unstable; urgency=high * New upstream release, fixing security issue. See: http://www.spip-contrib.net/SPIP-Security-Alert-new-version for more details. -- Romain Beauxis Sun, 09 Aug 2009 11:13:15 -0500 spip (2.0.8-3) unstable; urgency=low * Fixed bashism in spip_rm_site script. Closes: #535885 -- Romain Beauxis Fri, 31 Jul 2009 02:26:58 +0200 spip (2.0.8-2) unstable; urgency=low * Fix bashism in spip_add_site Closes: #530193 * Added description of what exactly is SPIP in long description. Closes: #521682 -- Romain Beauxis Fri, 19 Jun 2009 01:24:03 +0200 spip (2.0.8-1) unstable; urgency=low * New upstream release. * Bumped standards version to 3.8.2 * Bumped compat to 7 -- Romain Beauxis Mon, 08 Jun 2009 17:40:44 +0200 spip (2.0.7-1) unstable; urgency=high * New upstream release. * This release fixes security issues, hence setting urgency to high. * Added extra security options for apache2.conf -- Romain Beauxis Wed, 15 Apr 2009 23:34:13 -0400 spip (2.0.6-2) unstable; urgency=low * Fixed alias in apache.conf. -- Romain Beauxis Wed, 18 Mar 2009 09:07:33 +0100 spip (2.0.6-1) unstable; urgency=low * New upstream release. * Initial upload to unstable. -- Romain Beauxis Tue, 17 Mar 2009 20:05:14 +0100 spip (2.0.5-1) experimental; urgency=low * New upstream version. * Should upload to unstable quite soon. -- Romain Beauxis Fri, 06 Mar 2009 20:06:46 +0100 spip (2.0.3-1) experimental; urgency=low * New upstream release. * Added Italian debconf translations, thanks to Vincenzo Campanella ! Closes: #510291 * Added Basque debconf translations, thanks to Piarres Beobide ! Closes: #510299 * Added Czech debconf translations, thanks to Martin Šín ! Closes: #510301 * Added Swedish debconf translations, thanks to Martin Bagge ! Closes: #510302 * Added Finnish debconf translations, thanks to Esko Arajärvi ! Closes: #510384 * Added Galician debconf translations, thanks to Marce Villarino ! Closes: #510391 * Added German debconf translations, thanks to Helge Kreutzmann ! Closes: #510541 * Added Portuguese debconf translations, thanks to Miguel Figueiredo ! Closes: #510640 * Added Japanese debconf translations, thanks to Hideki Yamane ! Closes: #510892 * Added French debconf translations, thanks to Jean Guillou ! Closes: #511008 * Added Russian debconf translations, thanks to Yuri Kozlov ! Closes: #512165 -- Romain Beauxis Sun, 18 Jan 2009 22:00:35 +0100 spip (2.0.2-1) experimental; urgency=low * New upstream release. -- Romain Beauxis Wed, 31 Dec 2008 04:18:22 +0100 spip (2.0.0-1) experimental; urgency=low * First release of the 2.0 branch ! * Moved dist/ to squelettes-dist/, added preinst maintainer script to handle that when upgrading from previous package. * Updated debian/copyright with GPL version 3 or above. -- Romain Beauxis Sat, 13 Dec 2008 03:25:47 +0100 spip (2.0.0~beta12262-2) experimental; urgency=low * Fixed safehtml inclusion patch -- Romain Beauxis Tue, 19 Aug 2008 11:56:54 +0200 spip (2.0.0~beta12262-1) experimental; urgency=low * New upstream release, first beta for 2.0.0 release * Added options details for mes_options.php * Added apache2.conf virtual host configuration file example * Depends and use libjs-jquery instead of shipped one * Partially fixed default mod for created file -- Romain Beauxis Thu, 31 Jul 2008 01:34:34 +0200 spip (1.9.3~svn12054-1) experimental; urgency=low * New upstream release. * Updated standards version. -- Romain Beauxis Sun, 13 Jul 2008 17:18:06 +0200 spip (1.9.3~svn11347-2) experimental; urgency=low * Added plugins support and directories -- Romain Beauxis Thu, 27 Mar 2008 12:16:26 +0100 spip (1.9.3~svn11347-1) experimental; urgency=low * New svn snapshot * Added recommends to image conversion tools supported. -- Romain Beauxis Tue, 29 Jan 2008 02:49:10 +0100 spip (1.9.3~svn11152-1) experimental; urgency=low * New upstream release * Updated standards to 3.7.3 -- Romain Beauxis Tue, 29 Jan 2008 02:38:39 +0100 spip (1.9.3~svn10413-2) experimental; urgency=low * Patched source to work with php-html-safe -- Romain Beauxis Wed, 10 Oct 2007 02:58:22 +0200 spip (1.9.3~svn10413-1) experimental; urgency=low * Initial release (Closes: #426069) * Temporaly removed file HTMLSax3.php -- Romain Beauxis Tue, 25 Sep 2007 00:31:03 +0200