dtc (0.25.3-2ubuntu1.1) hardy-security; urgency=low * SECURITY UPDATE: - CVE-2011-0434: SQL injection in bw_per_month.php graph - CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php graph. - CVE-2011-0436: Passwords being emailed to the admin in clear text (Closes: #614302). - CVE-2011-0437: Removed dangerous SQL old unused code for ssh accounts management. -- Thomas Goirand Wed, 09 Mar 2011 16:10:18 +0800 dtc (0.25.3-2ubuntu1) gutsy; urgency=low * Obliterate any and all traces of apache and php4 in dtc and dtc-postfix-courier's Depends. * Modify Maintainer field as per spec. -- Steve Kowalik Tue, 7 Aug 2007 15:56:00 +1000 dtc (0.25.3-2) unstable; urgency=low * Changed dependency from libsasl2 to libsasl2-2 (Closes: #420253) -- Thomas Goirand Thu, 17 May 2007 04:36:16 +0800 dtc (0.25.3-1) unstable; urgency=low * Added Duch template by Bart Cornelis (Closes: #416987) * Added Czech template by Miroslav Kure (Closes: #416938) * Added french template by Christian Perrier (Closes: #416734) * Updated the template reviewed by Christian Perrier (Closes: #415231) which works for the debian-l10n-english group (Closes: #402657) * Added Galician debconf template translation for the package thanks to Jacobo Tarrio (Closes: #415629) * Added Portuguese debconf template translation for the package thanks to Ricardo Silva (Closes: #415814) * Updated german debconf template translation for the package thanks to Cristian Livadaru * dtc/conf_mysql_change_root is set to false as per default, as the previous release didn't close #414484 as written before * There has never been saveConfig saving to /root, but I'm writting an entry in there in order to close this bug (Closes: #414470) -- Thomas Goirand Tue, 20 Mar 2007 22:36:07 +0800 dtc (0.25.2-1) unstable; urgency=low * New upstream version (including minor bugs removal). * Changed priority from optional to extra as this was producing some warning in the debian tracking system. * Added pt.po portuguese translation for debconf messages thanks to Ricardo Silva (Closes: #415071). * All the db_input calls uses now || true so it also works with the set -e directive in the config script (see master.config). * createChrootTemplate is not called durring the postinst anymore, but now done in the userland install script (Closes: #414465) * README.Debian is less agressive about the policy (Closes: #414469) * Postinst checks for existance of /proc/net/dev before using it to check the interface names (Closes: #414468) * conf_report_setup is set to false as default (Closes: #414467) * Now searches for htpasswd or htpasswd2 with which instead of using cascading if [ -e /path (Closes: #414466) * Finish install script reduced to one unique line (Closes: #414474) * The installer doesn't use set +e anymore and uses || true when it's needed instead (Closes: #414479) * Not using ""$var but "$var" in the config script as it could be confusing some people reading the script not used to read it (Closes: #414478) * dtc-chroot-shell is now setup in the package itself, not generated anymore by the installer (Closes: #414475) * Now using lsb-release to check for debian release name (Closes: #414476). to check if the package is using Sarge (this part is now commented, but will stay in the code as it's more easy to for us to manage it). It does not ask for changing the MySQL root password any more (Closes: #414484). -- Thomas Goirand Wed, 7 Mar 2007 09:19:42 +0000 dtc (0.25.1-1) unstable; urgency=low * Now using a dtc-common package to avoid conflicts between config files in /etc/cron.d and /etc/logrotate.d if someday a user switch between dtc and dtc-postfix-courier. Also, this makes both 2 packages (being in only dtc-common) having less files and reduce the overall size. * The chroot template is now built in /var/lib/dtc as default. * Now using a2enmod for enabling apache2 rewrite and ssl. * Long desc split in parts. (Closes: #403504). * Now using po-debconf internationalization (Closes: #402655). * The postinst doesn't modify other package config files anymore this is now done in a script to be launched manualy after the setup of the package (Closes: #402432). * Many changes to be debian policy compliant as requested in the BTS: - All things forbidden by debian policy removed from the postinst. - The user has to cd into /usr/share/dtc/admin/install and run ./install in order to have the install script modify the configuration files of the daemons this package (dtc or it's brother dtc-postfix-courier) uses. - The postinst script saves the values answered in debconf in /var/lib/dtc as they are needed for the 2nd stage as well (like path for hosted files, domain name, mysql password and so on) as otherwise it would raise a "debconf is not a registry" error in Lintian. Side notes: This has been said to be the correct way (eg: debian policy compliant). If there is a smarter way, I'm open to any suggestions, but consider that it's not nice to ask twice the same thing to the user to the package, and that splitting the setup script in 2 parts (because touching other package config file) is not a very nice feature already. Also, this is what have been advised me to do in different channels in IRC, by people in mentors (Closes: #402834). -- Thomas Goirand Sat, 16 Dec 2006 03:11:17 +0800 dtc (0.24.6-1.1) unstable; urgency=low * Non-maintainer upload from the sponsor :) * Disabled maintainer scripts: - The maintainer scripts are currently way too intrusive. They need to be carefully rewritten. Until this is done, I disabled them (they are shipped in /usr/share/doc/{dtc,dtc-postfix}/ though). - disabled postinst check in rules. -- Daniel Baumann Mon, 11 Dec 2006 08:49:00 +0100 dtc (0.24.6-1) unstable; urgency=low * Initial release. -- Thomas Goirand Mon, 13 Nov 2006 03:11:17 +0800