dtc (0.30.10-1ubuntu1) lucid-security; urgency=low * SECURITY UPDATE: - CVE-2011-0434: SQL injection in bw_per_month.php graph - CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php graph. - CVE-2011-0436: Passwords being emailed to the admin in clear text (Closes: #614302). - CVE-2011-0437: Removed dangerous SQL old unused code for ssh accounts management. -- Thomas Goirand Wed, 09 Mar 2011 16:07:47 +0800 dtc (0.30.10-1) unstable; urgency=low * New upstream release fixing the following: - Removed the "array, cannot fetch admin" in the /dtcadmin interface. - Removed a Notice warning when generating the named config files and no VPS is present in the db. - Reverted the dtc_see_password patch for IE as it's not working. - Fixed the entries in the DNS for the default IN A pointers to VPSes. - nodes_zones.conf generated correctly. * Bumped Standards-Version to 3.8.3. * Added registration of the DTC doc in doc-base -- Thomas Goirand Tue, 29 Sep 2009 16:53:18 +0800 dtc (0.30.8-1) unstable; urgency=high * New upstream release fixing the following: - gen_named_files.php for the automated hostnames now works. - fixed bad printing of mailboxes (re)creation - fixed an bug when generating the fetchmail script - fixed the monitor.php when a customer has multiple admins - dtc_see_password also works in IE - corrected the cron for the wrong nagios variables - logrotate script didn't have an endscript statement - corrected the the call to updateUsingCron() in the sql/vps.php - fixed the dom0 and VPS automatic VPS hostname creation - added missing MySQL privileges -- Thomas Goirand Thu, 10 Sep 2009 03:18:35 +0800 dtc (0.30.6-1) unstable; urgency=low * New upstream release. * Added dependency to cpio and cron (Closes: #538111). * Removed some bashismes (Closes: #530073). * Fixed saslauthd directory (Closes: #529075). * dtc-common now depends on libnusoap-php (Closes: #529577). * MX records in uppercase are automatically lowered (Closes: #543531). * Removed dependency to msttcorefonts (Closes: #490042). * Swedish strings for dtc debconf thanks to Martin Bagge (Closes: #513778). * The source package now adds generation the following binaries: dtc-postfix-dovecot, dtc-dos-firewall, dtc-autodeploy. -- Thomas Goirand Sun, 06 Sep 2009 13:15:59 +0800 dtc (0.29.17-1) unstable; urgency=high * The last debian package was wrongly packaged with a version older than the 0.29.16 because of some Git mistake (forgot to push before I did the clone to build the package). This corrects it. -- Thomas Goirand Thu, 29 Jan 2009 23:43:30 +0800 dtc (0.29.16-1) unstable; urgency=low * New spanish debian template translation thanks to Francisco Javier Cuadrado (Closes: #510468) * Backported a MySQL insertion security fix from the Git version (issue was when using the add service function once you already have an account). * Fixed the roundcube dependency so it pulls it correctly. * Backported a bugfix for the VAT rate so it can be changed without issue. -- Thomas Goirand Sat, 10 Jan 2009 04:20:01 +0800 dtc (0.29.15-1) unstable; urgency=low * Move the dependency of amavisd-new and clamav from dtc-common to dtc-postfix-courier and dtc-cyrus, so dtc-core can be setup without it. * Removed double dependency to patch. * Removed dependency to bind, now only depends on bind9. -- Thomas Goirand Mon, 10 Nov 2008 03:57:19 +0800 dtc (0.29.14-1) unstable; urgency=low * New upstream release with corrections for Lenny, backported from the master branch of the Git, to add corrections and not features as follow: - Modify depends: so it uses proftpd-mod-mysql as this is the new package for proftpd... - Solved the INSERT bug for the Money spent accounting functions. - Now the add domain or service link is ALWAYS showed. - Fixed a bug if adding a new service with a non-debian VPS. - Removed list.dsbl.org from default DNSBL as it's dead. * Removed all trace of php4 dependency, leaving only dependency to php5. This is needed as lintian doesn't see "php5-cli | php4-cli" and yell that phpX-cli is missing. * Removed unused debconf template. -- Thomas Goirand Fri, 17 Oct 2008 12:21:49 +0800 dtc (0.29.10-1) unstable; urgency=low * New upstream release with corrections for Lenny, backported from the master branch of the Git, to add corrections and not features as follow: - Big problem with the pending payment thing that was setting things as validated when they were in fact just pending. - the CPU rrd data collection (the rrd call was commented out) - the setup of the default index.php & 404 subdomain files - sa-wrapper symlink attack vulnerability fix (Closes: #496362) - removed the paylog.txt logging - [v0.29.8] phpmyadmin blowfish_secret owner change - [v0.29.8] Cleaning the spam folder with -mtime instead of -atime - [v0.29.8] Added a full Simplified Chinese translation by Wei Cao , including debconf and the software itself - [v0.29.8] Removed the "limit 1" when setting the id_client to zero when deleting an admin. - [v0.29.8] Solved the mysql users & db deletion bug when deleting an admin, removed the old mysql manager code that was remaining. - [v0.29.8] Needed a global $pro_mysql_pop_table in the spam folder cleanup - [v0.29.8] Removed a bug when there is no install log at all that was preventing the VPS install tab to be displayed - [v0.29.8] Some global variables for the vps table names where missing in deleteVPS() - [v0.29.8] The cron job needed to be modified for gen_named='yes', reload_named='yes' when modifying the wildcard DNS thing. - [v0.29.8] A Tags: was still there in debian/control, it's now removed. -- Thomas Goirand Thu, 26 Aug 2008 05:07:11 +0800 dtc (0.29.8-1) unstable; urgency=low * New upstream release with corrections for Lenny, backported from the master branch of the Git, to add corrections and not features. -- Thomas Goirand Wed, 20 Aug 2008 05:07:11 +0800 dtc (0.29.6-1) unstable; urgency=low * New upstream release. * Added Basque debconf template translation, thanks to xabier bilbao (Closes: #487448) * Updated Portuguese debconf template translation, thanks to Ricardo Silva (Closes: #487292) * Updated Czech debconf translation, thanks to Miroslav Kure (Closes: #487264) * Corrected minor typo in debconf template (Closes: #479583) * Updated German debconf translation thanks to Helge Kreutzmann (Closes: #479302) -- Thomas Goirand Wed, 7 May 2008 16:23:57 +0800 dtc (0.28.10-1) unstable; urgency=low * New upstream release. -- Thomas Goirand Fri, 18 Apr 2008 16:04:00 +0800 dtc (0.28.9-1) unstable; urgency=low * New upstream release. * Updated Finish debconf template thanks to Esko Arajarvi (Closes: #471533) * Updated Galician debconf template thanks to Jacobo Tarrio (Closes: #471780) * Updated Russian debconf templates translation thanks to Yuri Kozlov (Closes: #472038) * Updated Russian DTC translation thanks to Yuri Kozlov (Closes: #472058) * Updated french debconf templates translation thanks to Christian Perrier (Closes: #471428) * Added Vietnamese debconf translation thanks to Clytie Siddall (Closes: #473236) -- Thomas Goirand Thu, 20 Mar 2008 08:29:33 +0800 dtc (0.28.6-1) unstable; urgency=low * New upstream release. -- Thomas Goirand Sat, 15 Mar 2008 12:08:35 +0800 dtc (0.28.4-1) unstable; urgency=low * New upstream release. * Added Finish debconf template translation, thanks to Esko Arajärvi (Closes: #468827) -- Thomas Goirand Sun, 9 Mar 2008 10:35:17 +0800 dtc (0.28.3-1) unstable; urgency=low * New upstream release. * Now, the installer picks the MySQL root password in /etc/mysql/debian.cnf to create a dtc user with a random password and root access to MySQL. This makes it useless to ask for MySQL login/pass (Closes: #414477) * Updated the Duch debconf translation thanks to "cobaco (aka Bart Cornelis)" (Closes: #468301) -- Thomas Goirand Sat, 1 Mar 2008 16:26:53 +0800 dtc (0.28.2-1) unstable; urgency=low * New upstream release. * [v0.27] DTC now generates a dtc-cyrus package * [v0.27] Added support for dkfilter inbound filtering and outbound signing with postfix. * [v0.27] Now using ttf-dejavu instaed of ttf-bistream-vera because that last one is going to be removed from Debian (Closes: #461259) * [v0.27] Renamed the dtc package to dtc-core in order not to conflict with the "device tree compiler". * [v0.27] Fixed some non-arch-dependent debian/rules & debian/control problems. * [v0.27] Lot's of requests in debconf are now guessed (like hostname and IP), also lot's of them have now very low priority. * [v0.27] The postinst now does less things, it's done by dtc's install script now * [v0.27] The debian/rules now uses the provided "make install" from upstream to build the binary packages. * [v0.27] Bumped Standards-Version to 3.7.3 * [v0.26.3] Upgraded embed a copy of wz_tooltip (Closes: #429214) * [v0.25.9] Added dtc-stats-daemon package to the build. * [v0.25.9] Repaired the debian dtc-chroot-shell that was previously broken * [v0.25.9] Repaired the debconf NAT question priority + others (minor) things * [v0.25.9] Fixed some perms after install (minor) * [v0.25.4] This source package now builds dtc-stats-daemon. * [v0.25.4] Added pt_BR template by Felipe Augusto van de Wiel (Closes: #417248) * This source package now builds dtc-stats-daemon. * Added pt_BR template by Felipe Augusto van de Wiel (Closes: #417248) -- Thomas Goirand Fri, 25 May 2007 08:19:31 +0000 dtc (0.25.3-2) unstable; urgency=low * Changed dependency from libsasl2 to libsasl2-2 (Closes: #420253) -- Thomas Goirand Thu, 17 May 2007 04:36:16 +0800 dtc (0.25.3-1) unstable; urgency=low * Added Duch template by Bart Cornelis (Closes: #416987) * Added Czech template by Miroslav Kure (Closes: #416938) * Added french template by Christian Perrier (Closes: #416734) * Updated the template reviewed by Christian Perrier (Closes: #415231) which works for the debian-l10n-english group (Closes: #402657) * Added Galician debconf template translation for the package thanks to Jacobo Tarrio (Closes: #415629) * Added Portuguese debconf template translation for the package thanks to Ricardo Silva (Closes: #415814) * Updated german debconf template translation for the package thanks to Cristian Livadaru * dtc/conf_mysql_change_root is set to false as per default, as the previous release didn't close #414484 as written before * There has never been saveConfig saving to /root, but I'm writting an entry in there in order to close this bug (Closes: #414470) -- Thomas Goirand Tue, 20 Mar 2007 22:36:07 +0800 dtc (0.25.2-1) unstable; urgency=low * New upstream version (including minor bugs removal). * Changed priority from optional to extra as this was producing some warning in the debian tracking system. * Added pt.po portuguese translation for debconf messages thanks to Ricardo Silva (Closes: #415071). * All the db_input calls uses now || true so it also works with the set -e directive in the config script (see master.config). * createChrootTemplate is not called durring the postinst anymore, but now done in the userland install script (Closes: #414465) * README.Debian is less agressive about the policy (Closes: #414469) * Postinst checks for existance of /proc/net/dev before using it to check the interface names (Closes: #414468) * conf_report_setup is set to false as default (Closes: #414467) * Now searches for htpasswd or htpasswd2 with which instead of using cascading if [ -e /path (Closes: #414466) * Finish install script reduced to one unique line (Closes: #414474) * The installer doesn't use set +e anymore and uses || true when it's needed instead (Closes: #414479) * Not using ""$var but "$var" in the config script as it could be confusing some people reading the script not used to read it (Closes: #414478) * dtc-chroot-shell is now setup in the package itself, not generated anymore by the installer (Closes: #414475) * Now using lsb-release to check for debian release name (Closes: #414476). to check if the package is using Sarge (this part is now commented, but will stay in the code as it's more easy to for us to manage it). It does not ask for changing the MySQL root password any more (Closes: #414484). -- Thomas Goirand Wed, 7 Mar 2007 09:19:42 +0000 dtc (0.25.1-1) unstable; urgency=low * Now using a dtc-common package to avoid conflicts between config files in /etc/cron.d and /etc/logrotate.d if someday a user switch between dtc and dtc-postfix-courier. Also, this makes both 2 packages (being in only dtc-common) having less files and reduce the overall size. * The chroot template is now built in /var/lib/dtc as default. * Now using a2enmod for enabling apache2 rewrite and ssl. * Long desc split in parts. (Closes: #403504). * Now using po-debconf internationalization (Closes: #402655). * The postinst doesn't modify other package config files anymore this is now done in a script to be launched manualy after the setup of the package (Closes: #402432). * Many changes to be debian policy compliant as requested in the BTS: - All things forbidden by debian policy removed from the postinst. - The user has to cd into /usr/share/dtc/admin/install and run ./install in order to have the install script modify the configuration files of the daemons this package (dtc or it's brother dtc-postfix-courier) uses. - The postinst script saves the values answered in debconf in /var/lib/dtc as they are needed for the 2nd stage as well (like path for hosted files, domain name, mysql password and so on) as otherwise it would raise a "debconf is not a registry" error in Lintian. Side notes: This has been said to be the correct way (eg: debian policy compliant). If there is a smarter way, I'm open to any suggestions, but consider that it's not nice to ask twice the same thing to the user to the package, and that splitting the setup script in 2 parts (because touching other package config file) is not a very nice feature already. Also, this is what have been advised me to do in different channels in IRC, by people in mentors (Closes: #402834). -- Thomas Goirand Sat, 16 Dec 2006 03:11:17 +0800 dtc (0.24.6-1.1) unstable; urgency=low * Non-maintainer upload from the sponsor :) * Disabled maintainer scripts: - The maintainer scripts are currently way too intrusive. They need to be carefully rewritten. Until this is done, I disabled them (they are shipped in /usr/share/doc/{dtc,dtc-postfix}/ though). - disabled postinst check in rules. -- Daniel Baumann Mon, 11 Dec 2006 08:49:00 +0100 dtc (0.24.6-1) unstable; urgency=low * Initial release. -- Thomas Goirand Mon, 13 Nov 2006 03:11:17 +0800