tryton-server (3.4.0-3+deb8u3) jessie-security; urgency=high

  * Add 05_CVE-2017-0360_sanitize_file_open.patch (CVE-2017-0360).
    Sanitize path in file_open against suffix.
    The patch for CVE-2016-1242 did not cover all cases. Indeed there is a
    case where an external file could be retrieved if it is stored in a
    folder next to the root of trytond starting with the same name but with
    a suffix. Example: '../trytond_suffix'.

 -- Mathias Behrle  Tue, 28 Mar 2017 12:28:15 +0200

tryton-server (3.4.0-3+deb8u2) jessie-security; urgency=high

  * Adapting the release of the last changelog entry to be in sync with the
    archive.
  * CVE-2016-1241 Adding patch
    03-CVE-2016-1241_prevent_read_of_password_hash.patch.
  * CVE-2016-1242 Adding
    04-CVE-2016-1242_sanitize_path_in_file_open.patch.

 -- Mathias Behrle  Fri, 26 Aug 2016 12:07:53 +0200

tryton-server (3.4.0-3+deb8u1) jessie-security; urgency=high

  * Adding patch 02-CVE-2015-0861_field_access_on_multi_write.patch.
    Field access was only checked for the field defined in the first values
    dictionary, but it must be checked for all dictionaries in *args.
    - https://bugs.tryton.org/issue5167
    - https://codereview.tryton.org/22631002

 -- Mathias Behrle  Sat, 05 Dec 2015 12:37:37 +0100

tryton-server (3.4.0-3) unstable; urgency=medium

  * Removing on purge also the data directory of tryton-server.

 -- Mathias Behrle  Sun, 14 Dec 2014 15:48:51 +0100

tryton-server (3.4.0-2) unstable; urgency=medium

  * Adding path to the configuration file to the commands in the README.
  * Adding path to the configuration file to the commands in NEWS.
  * Correcting conf file handling.
  * Improving the documentation in trytond.conf.
  * Correcting documentation in trytond.conf to reflect current ipv6
    behavior.

 -- Mathias Behrle  Sun, 07 Dec 2014 15:26:32 +0100

tryton-server (3.4.0-1) unstable; urgency=medium

  * Merging upstream version 3.4.0.
  * Adding a default configuration file.
  * Removing the configuration patches, no more needed.
  * Updating copyright, the backport of ordereddict was removed.
  * Updating man page.
  * Adding a logging configuration file needed for version 3.4.
  * Correcting the SSL settings in trytond.conf to keep old behavior.
  * Removing old logrotate configuration, no more needed.
  * Using the subdirectory /etc/tryton for all configuration files.
  * Updating README.Debian for version 3.4.
  * Adding NEWS for the new version 3.4.
  * Adding 01_migrate_obsolete_ldap_connection patch.
  * Setting ownership and permissions for the logging configuration file.
  * Removing also dpkg-statoverrides for trytond_log.conf on purge.
  * Adapting tryton-server.default to the new setup.

 -- Mathias Behrle  Thu, 23 Oct 2014 13:22:34 +0200

tryton-server (3.2.3-1) unstable; urgency=high

  * Adding actual upstream signing key.
  * Updating to Standards-Version: 3.9.6, no changes needed.
  * Merging upstream version 3.2.3.
  * Contains fixes for CVE-2014-6633.
    This patch introduces fixes to not allow double underscores in
    safe_eval and uses literal_eval wherever possible.
    S.a https://bugs.tryton.org/issue4155.

 -- Mathias Behrle  Tue, 30 Sep 2014 12:08:43 +0200

tryton-server (3.2.2-1) unstable; urgency=medium

  * Adding a tryton-server.service file.
  * Merging upstream version 3.2.2.

 -- Mathias Behrle  Tue, 26 Aug 2014 14:33:42 +0200

tryton-server (3.2.1-1) unstable; urgency=medium

  * Updating signing key while using now plain .asc files instead of .pgp
    binaries.
  * Building with dh-systemd to provide clean interaction when switching
    init systems.
  * Improving setup directions in README.
  * Merging upstream version 3.2.1.

 -- Mathias Behrle  Wed, 02 Jul 2014 14:05:43 +0200

tryton-server (3.2.0-1) unstable; urgency=medium

  * Merging upstream version 3.2.0.
  * Bumping minimal required Python version to 2.7.
  * Updating gbp.conf for usage of upstream tarball compression.
  * Adding news for new major.
  * Updating Recommends and Suggests for version 3.2.
  * Updating manpage.

 -- Mathias Behrle  Thu, 24 Apr 2014 15:30:29 +0200

tryton-server (3.0.4-1) unstable; urgency=medium

  * Merging upstream version 3.0.4.

 -- Mathias Behrle  Wed, 16 Apr 2014 15:11:11 +0200

tryton-server (3.0.3-1) unstable; urgency=medium

  * Adding the tryton user to the ssl-cert group on fresh installs.
  * Reviewing and updating README.Debian.
  * Merging upstream version 3.0.3.
  * Updating copyright.

 -- Mathias Behrle  Wed, 26 Mar 2014 18:50:26 +0100

tryton-server (3.0.2-2) unstable; urgency=medium

  * Updating year in debian copyright.
  * Removing debian/source/options, we are building with dpkg defaults.
  * Removing PYBUILD_DESTDIR_python2 from rules, it is no more needed.
  * Adding pgp verification for uscan.
  * Adding gbp.conf for usage with git-buildpackage.
  * Re-enabling PYBUILD_DESTDIR_python2, it is needed in a multibinary
    package.

 -- Mathias Behrle  Wed, 12 Mar 2014 12:48:48 +0100

tryton-server (3.0.2-1) unstable; urgency=medium

  * Using dpkg-statoverride to allow local overrides of (otherwise)
    enforced restricted access permissions to /etc/trytond.conf,
    /var/lib/tryton and /var/log/tryton.
  * Merging upstream version 3.0.2.

 -- Mathias Behrle  Sun, 19 Jan 2014 19:43:23 +0100

tryton-server (3.0.1-1) unstable; urgency=low

  * Merging upstream version 3.0.1.

 -- Mathias Behrle  Wed, 11 Dec 2013 13:00:01 +0100

tryton-server (3.0.0-2) unstable; urgency=low

  * Pointing VCS fields to new location on alioth.debian.org.
  * Using dpkg defaults for xz compression.
  * Adding SSL packages to Recommends.
  * Moving unoconv from Suggests to Recommends.
  * Renaming 01-debian-data-dir to 01-debian-data-dir.patch.
  * Adding 02-snakeoil-certs.patch
  * Improving 01-debian-data-dir.patch according to dep3.

 -- Mathias Behrle  Mon, 02 Dec 2013 21:18:12 +0100

tryton-server (3.0.0-1) unstable; urgency=low

  * Adding tryton-server-doc to Suggests.
  * Adding tryton-modules-all to Suggests.
  * Merging upstream version 3.0.0.
  * Updating Depends.
  * Refreshing patches.
  * Adding NEWS for the new major version 3.0.0.
  * Updating README.Debian.
  * Removing echo messages from postinst.
  * Updating manpage.
  * Updating to standards version 3.9.5, no changes needed.
  * Changing to buildsystem pybuild.

 -- Mathias Behrle  Mon, 25 Nov 2013 17:56:04 +0100

tryton-server (2.8.3-1) unstable; urgency=low

  * Merging upstream version 2.8.3.

 -- Mathias Behrle  Sun, 13 Oct 2013 20:24:05 +0200

tryton-server (2.8.2-1) unstable; urgency=low

  * Adding copyright and license for trytond/tools/ordereddict.py
    (Closes: #716781).
  * Moving sphinx-build to override_dh_auto_build.
  * Removing pydist-overrides, it is no more needed.
  * Removing inadvertently committed .pc directory.
  * Adapting the rules file to work also with git-buildpackage.
  * Merging upstream version 2.8.2.

 -- Mathias Behrle  Mon, 05 Aug 2013 21:23:58 +0200

tryton-server (2.8.1-1) unstable; urgency=low

  * Merging upstream version 2.8.1.

 -- Mathias Behrle  Mon, 10 Jun 2013 13:52:34 +0200

tryton-server (2.8.0-2) unstable; urgency=low

  * Building new package tryton-server-doc from sphinx documentation.
  * Reordering overrides in rules file.
  * Adding new major hint to NEWS.

 -- Mathias Behrle  Fri, 31 May 2013 17:27:41 +0200

tryton-server (2.8.0-1) experimental; urgency=low

  * Merging upstream version 2.8.0.
  * Updating copyright.
  * Adjusting Recommends for Tryton version 2.8.

 -- Mathias Behrle  Thu, 02 May 2013 15:21:23 +0200

tryton-server (2.6.3-3) experimental; urgency=low

  * Updating README.Debian to current version.
  * Adding group read permissions to trytond conf file.
  * Removing Daniel from Uploaders. Thanks for your work!
    (Closes: #704410).
  * Fixing a typo in README.Debian.

 -- Mathias Behrle  Sat, 27 Apr 2013 15:25:06 +0200

tryton-server (2.6.3-2) experimental; urgency=low

  * Updating Vcs-Git to correct address.
  * Adding watch file. Thanks to Bart Martens.

 -- Mathias Behrle  Sat, 23 Mar 2013 14:01:37 +0100

tryton-server (2.6.3-1) experimental; urgency=low

  * Removing obsolete Dm-Upload-Allowed
  * Updating and adding options to man page (Closes: #691556).
  * Updating to Standards-Version: 3.9.4, no changes needed.
  * Merging upstream version 2.6.1.
  * Merging upstream version 2.6.2.
  * Merging upstream version 2.6.3.
  * Escaping correctly the - sign in man page.
  * Updating copyright.

 -- Mathias Behrle  Sat, 16 Feb 2013 21:45:02 +0100

tryton-server (2.6.0-1) experimental; urgency=low

  * Merging upstream version 2.6.0.

 -- Mathias Behrle  Wed, 24 Oct 2012 14:25:28 +0200

tryton-server (2.4.2-2) experimental; urgency=low

  [ Daniel Baumann ]
  * Updating maintainers field.
  * Updating vcs fields.
  * Switching to xz compression.
  * Updating to debhelper version 9.
  * Correcting copyright file to match format version 1.0.
  * Sorting overrides alphabetically in rules.

  [ Mathias Behrle ]
  * Merging branch debian-wheezy-2.2 (Closes: #687747).

 -- Mathias Behrle  Sun, 16 Sep 2012 12:54:49 +0200

tryton-server (2.4.2-1) experimental; urgency=high

  * Merging upstream version 2.4.2.
  * This release fixes CVE-2012-2238
    https://bugs.tryton.org/issue2757
    http://hg.tryton.org/2.4/trytond/rev/279f0031b461

 -- Mathias Behrle  Tue, 11 Sep 2012 13:27:37 +0200

tryton-server (2.4.1-1) experimental; urgency=low

  * Merging upstream version 2.4.0.
  * Merging upstream version 2.4.1.
  * Updating Copyright.
  * Removing patch 02-support-pywebdav-0.9.8, went upstream.
  * Refreshing patch 01-debian-data-dir.
  * Removing versioned Recommend of pywebdav, 0.9.8 is in testing.

 -- Mathias Behrle  Thu, 26 Apr 2012 19:36:51 +0200

tryton-server (2.2.2-1) unstable; urgency=high

  * Merging upstream version 2.2.2.
    This upstream version contains the fix for CVE-2012-0215:
    Don't allow rpc call on ModelStorage without ModelView
  * Refreshing 02-support-pywebdav-0.9.8 patch.

 -- Mathias Behrle  Wed, 28 Mar 2012 23:15:53 +0200

tryton-server (2.2.1-3) unstable; urgency=low

  * Adding backport of shared WebDAV to
    debian/patches/02-support-pywebdav-0.9.8.
  * Adding NEWS file for upgrade to shared WebDAV.
  * Adding versioned Recommend for python-webdav >= 0.9.8.

 -- Mathias Behrle  Wed, 28 Mar 2012 13:38:01 +0200

tryton-server (2.2.1-2) unstable; urgency=low

  * Moving python-psycopg2 to Recommends.
  * Updating to Standards-Version: 3.9.3, no changes needed.
  * Updating year in copyright.
  * Adding Format header for DEP5.
  * Adding patch to support new structure of pywebdav > 0.9.4.1.

 -- Mathias Behrle  Tue, 27 Mar 2012 10:38:02 +0200

tryton-server (2.2.1-1) unstable; urgency=low

  * Merging upstream version 2.2.1.
  * Bumping X-Python-Version to >=2.6.
  * Updating version in man page.
  * Adding python-polib to pydist-overrides.
  * Updating Depends and Suggests for version 2.2.0.
  * Setting the data_path of trytond to the home of the tryton user
    (Closes: #624350).
  * Updating copyright.
  * Removing 01-dfsg-icons patch, patch went upstream.
  * Merging upstream version 2.2.0.

 -- Mathias Behrle  Mon, 26 Dec 2011 13:56:34 +0100

tryton-server (2.0.2+dfsg-1) unstable; urgency=low

  * Merging upstream version 2.0.2+dfsg.
  * Removing tango-icon-theme from Depends.
  * Adding Bug URL to dfsg-icons patch.
  * Rediffing dfsg-icons patch.
  * Reordering and fixing license for public-domain.

 -- Mathias Behrle  Mon, 03 Oct 2011 14:54:36 +0200

tryton-server (2.0.1+dfsg-3) unstable; urgency=low

  * Removing logrotate from Recommends, trytond uses internal logrotate
    handler.
  * Removing deprecated XB-Python-Version for dh_python2.
  * Adding license for icons taken from tango project.

 -- Mathias Behrle  Fri, 22 Jul 2011 13:50:57 +0200

tryton-server (2.0.1+dfsg-2) unstable; urgency=low

  * Patching in DFSG compatible icons instead of linking to them, setup.py
    needs to find them.

 -- Mathias Behrle  Sat, 16 Jul 2011 23:32:18 +0200

tryton-server (2.0.1+dfsg-1) unstable; urgency=low

  [ Daniel Baumann ]
  * Moving to source format 3.0 (quilt).
  * Not wrapping uploaders field, it does not exceed 80 chars.
  * Compacting copyright file.
  * Updating manpage.
  * Silencing and correcting rmdir calls in postrm.
  * Prefixing variables in maintainer scripts in order to ensure not to get
    in the way of the rest of the environment (and in anticipation of using
    debconf later on).

  [ Mathias Behrle ]
  * Merging upstream version 2.0.1+dfsg.
  * Replacing non-DFSG compliant graphics by linking to tango-icon-theme.
  * Moving from deprecated python-support to dh_python, thanks to Charlie
    Smotherman (Closes: #632773).
  * Removing empty variable from DAEMON_OPTS.

 -- Mathias Behrle  Thu, 14 Jul 2011 15:47:15 +0200

tryton-server (2.0.1-1) unstable; urgency=low

  * Merging upstream version 2.0.1.

 -- Mathias Behrle  Sun, 05 Jun 2011 13:19:44 +0200

tryton-server (2.0.0-1) unstable; urgency=low

  * Changing recommends from openoffice.org to libreoffice
    (Closes: #614324).
  * Moving recommends for office-suite to suggests.
  * Updating to standards version 3.9.2.
  * Improving logging to let handle server rotation of log files.
  * Merging upstream version 2.0.0.
  * Adding databases to Should-Start and Should-Stop.
  * Fixing creation of log directory for repeated installation.

 -- Mathias Behrle  Wed, 25 May 2011 00:25:09 +0200

tryton-server (1.8.2-1) unstable; urgency=low

  [ Daniel Baumann ]
  * Removing --remove-home from deluser call in postinst
    (Closes: #604214).

  [ Mathias Behrle ]
  * Enforcing stronger permissions on trytond.conf in postinst
    (Closes: #612644).
  * Merging upstream version 1.8.2.
  * Updating Copyright.

 -- Mathias Behrle  Tue, 15 Feb 2011 13:20:08 +0100

tryton-server (1.8.1-1) experimental; urgency=low

  * Merging upstream version 1.8.1.
  * Updating email address of Mathias.

 -- Mathias Behrle  Fri, 19 Nov 2010 14:36:49 +0100

tryton-server (1.8.0-1) experimental; urgency=low

  * Updating to debhelper version 8.
  * Updating to standards version 3.9.1.
  * Switching to source format 3.0 (quilt).
  * Merging upstream version 1.8.0.
  * Updating version and date header in manpage.

 -- Daniel Baumann  Fri, 12 Nov 2010 12:41:59 +0100

tryton-server (1.6.1-1) unstable; urgency=low

  [ Daniel Baumann ]
  * Wrapping copyright.

  [ Mathias Behrle ]
  * Moving python-psyco and python-sphinx to Suggests.
  * Moving logrotate to Recommends.

  [ Daniel Baumann ]
  * Updating standards version to 3.9.0.
  * Merging upstream version 1.6.1.

 -- Daniel Baumann  Fri, 06 Aug 2010 16:36:02 +0200

tryton-server (1.6.0-1) unstable; urgency=low

  [ Daniel Baumann ]
  * Adding Dm-Upload-Allowed in control in preparation for Mathias.

  [ Mathias Behrle ]
  * Merging upstream version 1.6.0.
  * Updating copyright.
  * Updating depends and recommends.
  * Setting minimal python version to 2.5 for sqlite support.
  * Updating postinst message.
  * Updating README.Debian.

  [ Daniel Baumann ]
  * Updating date and version header in manpage.
  * Fixing bashisms and other cosmetics in init, defaults, and postinst
    scripts.

 -- Mathias Behrle  Sun, 09 May 2010 21:55:54 +0200

tryton-server (1.4.5-2) unstable; urgency=low

  [ Mathias Behrle ]
  * Adding logrotate script.

  [ Daniel Baumann ]
  * Adding depends to remote_fs in init script.
  * Adding logrotate to suggests.

 -- Daniel Baumann  Wed, 07 Apr 2010 00:18:15 +0200

tryton-server (1.4.5-1) unstable; urgency=low

  * Merging upstream version 1.4.5.

 -- Daniel Baumann  Wed, 31 Mar 2010 23:59:30 +0200

tryton-server (1.4.4-1) unstable; urgency=low

  * Updating year in copyright file.
  * Removing unneeded python-all-dev from build-depends.
  * Bumping versioned build-depends on debhelper.
  * Updating to standards 3.8.4.
  * Merging upstream version 1.4.4.

 -- Daniel Baumann  Sat, 20 Feb 2010 11:07:27 +0100

tryton-server (1.4.3-1) unstable; urgency=low

  * Merging upstream version 1.4.3.

 -- Daniel Baumann  Wed, 09 Dec 2009 19:26:44 +0100

tryton-server (1.4.2-1) unstable; urgency=low

  [ Mathias Behrle ]
  * Fixing init command in README.
  * Adding hint for client major version.

  [ Daniel Baumann ]
  * Merging upstream version 1.4.2.
  * Updating README.source.
  * Adding explicit debian source version 1.0 until switch to 3.0.

 -- Daniel Baumann  Wed, 25 Nov 2009 12:31:35 +0100

tryton-server (1.4.1-2) unstable; urgency=low

  [ Mathias Behrle ]
  * Adding postgresql to Recommends.
  * Removing deprecated option -q for PostgreSQL client commands.
  * Reworking README to be more explicit.
  * Adding neso to postinst message.

 -- Daniel Baumann  Sat, 31 Oct 2009 09:13:09 +0100

tryton-server (1.4.1-1) unstable; urgency=low

  [ Mathias Behrle ]
  * Merging upstream version 1.4.1.

 -- Daniel Baumann  Wed, 21 Oct 2009 06:10:04 +0200

tryton-server (1.4.0-1) unstable; urgency=low

  * Merging upstream version 1.4.0.
  * Adding tryton-neso to suggests.

 -- Daniel Baumann  Mon, 19 Oct 2009 21:12:15 +0200

tryton-server (1.2.2-2) unstable; urgency=low

  * Bumping versioned build-depends on debhelper.

 -- Daniel Baumann  Sun, 18 Oct 2009 14:19:25 +0200

tryton-server (1.2.2-1) unstable; urgency=low

  * Updating to standards version 3.8.3.
  * Adding maintainer homepage field to control.
  * Adding README.source.
  * Merging upstream version 1.2.2.
  * Adding recommends to python-openssl.
  * Moving maintainer homepage field to copyright.
  * Updating README.source.
  * Using ascii only characters in copyright.

 -- Daniel Baumann  Sat, 05 Sep 2009 09:40:14 +0200

tryton-server (1.2.1-3) unstable; urgency=low

  * Updating maintainer field.
  * Updating vcs fields.
  * Wrapping lines in control.

 -- Daniel Baumann  Mon, 10 Aug 2009 20:31:40 +0200

tryton-server (1.2.1-2) unstable; urgency=low

  * Dropping information in README.Debian for postgresql 8.2 and older,
    even lenny has already 8.3.
  * Corrected wrapping of README.Debian to 80 characters a line.
  * Minimizing rules file.

 -- Daniel Baumann  Sun, 26 Jul 2009 20:52:02 +0200

tryton-server (1.2.1-1) unstable; urgency=low

  * Updating to build with python2.6.
  * Updating package to standards version 3.8.2.
  * Merging upstream version 1.2.1.
  * Updating date and version in manpage header.

 -- Daniel Baumann  Fri, 10 Jul 2009 14:13:56 +0200

tryton-server (1.2.0-2) unstable; urgency=low

  [ Mathias Behrle ]
  * Adding update information to postinst script.

  [ Daniel Baumann ]
  * Removing log file and (potentially) empty directories on purge
    (Closes: #527380).

 -- Daniel Baumann  Thu, 07 May 2009 14:30:43 +0200

tryton-server (1.2.0-1) unstable; urgency=low

  [ Daniel Baumann ]
  * Merging upstream version 1.2.0.
  * Tidy rules files.
  * Updating version information in manpage.
  * Updating copyright file for new upstream release.
  * Including TODO file in docs.

  [ Mathias Behrle ]
  * Updating application description.

  [ Daniel Baumann ]
  * Correcting wrapping of control file.

 -- Daniel Baumann  Tue, 21 Apr 2009 19:27:00 +0200

tryton-server (1.0.3-3) unstable; urgency=low

  [ Mathias Behrle ]
  * Fixing init script to use the correct daemon user (Closes: #521653).
  * Adding documentation for forced chmod on conf file (Closes: #521659).

 -- Daniel Baumann  Mon, 30 Mar 2009 11:05:00 +0200

tryton-server (1.0.3-2) unstable; urgency=low

  [ Mathias Behrle ]
  * Reworking general server setup and documentation.

  [ Daniel Baumann ]
  * Adding Mathias to uploaders.

 -- Daniel Baumann  Sat, 28 Mar 2009 16:10:00 +0100

tryton-server (1.0.3-1) unstable; urgency=low

  * Merging upstream version 1.0.3.

 -- Daniel Baumann  Mon, 23 Mar 2009 08:01:00 +0100

tryton-server (1.0.2-1) unstable; urgency=low

  * Merging upstream version 1.0.2.

 -- Daniel Baumann  Mon, 23 Mar 2009 07:25:00 +0100

tryton-server (1.0.1-1) unstable; urgency=low

  * Merging upstream version 1.0.1.
  * Updating to standards 3.8.1.
  * Making package arch all as it should be (Closes: #520810).

 -- Daniel Baumann  Sun, 22 Mar 2009 22:35:00 +0100

tryton-server (1.0.0-2) unstable; urgency=low

  * Updating recommends to openoffice-python.
  * Updating recommends to openoffice.org.

 -- Daniel Baumann  Sun, 22 Mar 2009 14:51:00 +0100

tryton-server (1.0.0-1) unstable; urgency=low

  * Initial release (Closes: #506095).

 -- Daniel Baumann  Mon, 12 Jan 2009 15:49:00 -0500