[Pkg-owncloud-commits] [SCM] owncloud.git branch, master, updated. debian/5.0.8+dfsg-2-12-g8622459
David Prévot
taffit at debian.org
Tue Jul 16 02:35:44 UTC 2013
The following commit has been merged in the master branch:
commit 07f22bd6ae863e8adc30c0c52eaff8cea651ae17
Author: David Prévot <taffit at debian.org>
Date: Mon Jul 15 22:05:17 2013 -0400
Add upstream changelog
diff --git a/debian/rules b/debian/rules
index 86503ee..11582f9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -115,5 +115,8 @@ override_dh_fixperms:
chmod 2770 debian/owncloud/var/lib/owncloud/backup/
chmod 0644 debian/owncloud/var/lib/owncloud/themes/README
+override_dh_installchangelogs:
+ dh_installchangelogs $(CURDIR)/debian/upstream-changelog
+
get-orig-source:
uscan --force --verbose
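Review bot: The new override_dh_installchangelogs recipe installs a hand-copied file from debian/, and nothing here or in the get-orig-source target below it records where that text comes from or how it is refreshed on a new upstream import. A stale copy would understate which security fixes the package contains, so add a comment above the override naming the upstream source and make the refresh part of the import procedure. Minor style point: the `$(CURDIR)/` prefix is unnecessary, since the chmod lines just above already rely on relative `debian/...` paths; `dh_installchangelogs debian/upstream-changelog` would be consistent with them.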
diff --git a/debian/upstream-changelog b/debian/upstream-changelog
new file mode 100644
index 0000000..9b0ddca
--- /dev/null
+++ b/debian/upstream-changelog
@@ -0,0 +1,627 @@
+Version 5.0.9 July 15th 2013
+
+ Fixes for mounting an WebDAV into an ownCloud
+ Improve expiring of old version in case of an full storage
+ IE8 fixes
+ Speedup syncing of shared files
+ Oracle compatibility fixes
+ Make upgrade routine more robust
+ Fix gallery for curtain php configurations
+ Fix pdf viewer close button
+ user_external fixes
+ Several smaller fixes
+
+Version 5.0.8 July 10th 2013
+
+ SECURITY: XSS vulnerability in “Share Interface” (oC-SA-2013-029)
+ SECURITY: Authentication bypass in “user_webdavauth” (oC-SA-2013-030)
+ New anonymous upload feature
+ Fix syncing of external filesystems
+ External filesystems performance improvements
+ Improve compatibility with Oracle
+ Improved and simplified theming
+ Internet explorer 8 fixes
+ Fixes for partial file uploads
+ LDAP: fix handling of User and Group Bases
+ Improved and more robust upgrade system
+ A lot of encryption system fixes
+ Do not add groups if user has no groups
+ Several Contacts fixes
+ A lot of smaller bugfixes all over the place
+
+Version 4.5.13 July 10th 2013
+
+ SECURITY: Authentication bypass in “user_webdavauth” (oC-SA-2013-030)
+ Fixed deleting old files versions
+
+Version 5.0.7 June 6th 2013
+
+ SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-028)
+ New encryption app as preview included. WARNING: This is not yet ready for production use but testing and feedback is welcome.
+ Several LDAP compatibility fixes
+ Several performance improvements of file handling
+ Trashbin fixes for Safari
+ Internet Explorer fixes
+ Several Contacts fixes
+ New check for magic_quotes
+ External Filesystem fixes
+ Add support for copying/moving folders between storages
+ Several smaller fixes
+
+Version 4.5.12 June 6th 2013
+
+ SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-028)
+ Several Contacts fixes
+ Several Calendar fixes
+ Several smaller fixes
+
+Version 4.0.16 June 6th 2013
+
+ SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-028)
+
+Version 5.0.6 May 14th 2013
+
+ SECURITY: SQL Injection (oC-SA-2013-019)
+ SECURITY: Multiple directory traversals (oC-SA-2013-020)
+ SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
+ SECURITY: Open redirector (oC-SA-2013-022)
+ SECURITY: Password autocompletion (oC-SA-2013-023)
+ SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
+ SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025)
+ SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026)
+ SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027)
+ Fix renaming of shared files
+ Fix UUID handling with LDAP
+ Fix several undelete files issues
+ Fix LDAP cachekey handling
+ Several OCS API fixes
+ Dropbox mounting fixes
+ Remove ldap group name restrictions
+ Fix fetching of the userlist with multiple user backends
+ Turn off password autocompletion
+ Translation fixes of the Shared folder
+ Fix the fileactions order for filetypes
+ Allow to ship a default theme
+ Disallow URLs containing “@”
+ Smaller layout improvemens
+ Log an upgrade warning
+ Log a trash bin cleanup message
+ Improved quota calculation
+ Allow to set Quota to zero
+ Fix performance regression for uploading of big files
+ Several Calendar fixes
+ Use displaynames in contacts
+ Check for existing address books during migrate->import
+ Texteditor fixes
+ Increase the SQLite database timeout
+ Order images in Gallery
+
+Version 4.5.11 May 14th 2013
+
+ SECURITY: SQL Injection (oC-SA-2013-019)
+ SECURITY: Multiple directory traversals (oC-SA-2013-020)
+ SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
+ SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
+
+Version 4.0.15 May 14th 2013
+
+ SECURITY: Multiple directory traversals (oC-SA-2013-020)
+ SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
+
+Version 5.0.5 April 19th 2013
+
+ Fix navigation hover effect
+ Fix database migration
+ Add a warning in the logfile when doing a migration
+ Fix renaming of shared files
+ Improved quota calculation
+ Fix free space calculation
+ Several layout fixes
+ Better save mode check
+ Cleanup database after user deletion
+ Fix touch for creating new files
+ Several trash bin fixes
+ Update MediaElement.js
+ Fix double address book problem
+ Fix layout problem triggered by impress
+ Several smaller fixes
+ Security: XSS in flashmediaelement.swf (oC-SA-2013-017)
+ Security: Authentication bypass in Contacts (oC-SA-2013-018)
+
+Version 4.5.10 April 19th 2013
+
+ Security: XSS in flashmediaelement.swf (oC-SA-2013-017)
+ Security: Authentication bypass in calendar (oC-SA-2013-018)
+
+Version 5.0.4 April 11th 2013
+
+ Fix file renames
+ Improved compatibility with PostgreSQL
+ Fixed upgrade for PostgreSQL users
+ Improved LDAP compatibility
+ Fix the upgrade hint
+ Make upgrade more robust fix maintainance mode
+ Smaller CSS fixes
+ Fix internet check for proxy users
+ Manually disable files_archive app to fix upgrade
+ Fix touch() for local storage
+ Fix versioning check to allow installation of 3rd party apps
+ Fix default quota
+ Several contacts fixes
+ Several calendar fixes
+ Fixed ampache support in media player
+ Improve mail function in antivirus app
+ Fix setting of user quotas
+ Fix deleted files size calculation
+ Fix “You do not have write permissions here” warning
+ Fix asynchronous loading of users
+ Fix notice from the nullbyte check
+ XSS vulnerability in jPlayer (oC-SA-2013-014)
+ PostgreSQL: Insecure database password generator (oC-SA-2013-015)
+ Windows: Local file disclosure (oC-SA-2013-016)
+
+Version 4.5.9 April 11th 2013
+
+ Fix public sharing
+ Improved LDAP error reporting
+ Don’t show share action for Shared folder
+ XSS vulnerability in jPlayer (oC-SA-2013-014)
+ PostgreSQL: Insecure database password generator (oC-SA-2013-015)
+ Windows: Local file disclosure (oC-SA-2013-016)
+
+Version 4.0.14 April 11th 2013
+
+ XSS vulnerability in jPlayer (oC-SA-2013-014)
+ PostgreSQL: Insecure database password generator (oC-SA-2013-015)
+ Windows: Local file disclosure (oC-SA-2013-016)
+
+Version 5.0.3 April 3th 2013
+
+ Correctly handle .part files
+ Improve PostgreSQL support
+ Fix database upgrading from old versions
+ Improved app styles
+
+Version 5.0.2 April 2th 2013
+
+ Fix versioning string
+ Fix compatibility with older MySQL versions
+
+Version 5.0.1 April 2th 2013
+
+ Fixed classnames and improved autoloaded to improve compatibility with older PHP versions
+ Show a warning if an insecure PHP version is used
+ Filesizes are displayed correctly
+ Fixed groups in usermanagement
+ Several Internet Explorer fixes
+ Use display-names in more places
+ Fix upgrading of cache
+ Fix navigation scrollbar for lots of apps
+ Fixed ETag handling to prevent wrong conflict files
+ Fix public link handling
+ Better indexes to improve performance
+ Several Windows server fixes
+ Fix renames of shared files
+ Fix PostgreSQL compatibility
+ Improve error reporting for app installation
+ Improved compatibility with Novell eDirectory
+ Several LDAP fixes
+ Improved sorting in usermanagement
+ Improved background jobs
+ Several CardDAV contacts fixes
+ Several mediaplayer fixes
+ Fixes for text editor
+ Several lucene search fixes
+ Several smaller fixes
+ Contacts: SQL Injection (oC-SA-2013-012)
+ Multiple XSS vulnerabilities (oC-SA-2013-011)
+
+Version 5.0.0 March 14th 2013
+
+ New design
+ Restore deleted files
+ New fulltext search
+ Display names
+ New photo gallery
+ Improved calendar and contacts
+ Improved bookmarks
+ New documentation system
+ Improved file cache
+ Improved security checks
+ Security hardening in templates
+ Security hardening: Implemented Content Security Policy
+ Better versioning of better autoexpire
+ Extended external storage
+ New OCS REST API support
+ Improved apps management
+
+Version 4.5.8 March 14th 2013
+
+ Fix foldersize checks to validate zip input size
+ Offer download of shared dir as zip only if zip size limit is not exceeded
+ Escape more characters for LDAP search
+ Fix versioning together with real home directories
+ Multiple XSS vulnerabilities (oC-SA-2013-008)
+ Contacts: Bypass of file blacklist (oC-SA-2013-009)
+ user_migrate: Local file disclosure (oC-SA-2013-010)
+
+Version 4.0.13 March 14th 2013
+
+ Contacts: Bypass of file blacklist (oC-SA-2013-009)
+ user_migrate: Local file disclosure (oC-SA-2013-010)
+
+Version 4.5.7 Feb 20th 2013
+
+ Fix for 3rd party apps dropping the database
+ Fix SubAdmins management
+ Fix PHP warnings
+ Fix compatibility with some CIFS shares
+ More robust apps management
+ Remove not needed AWS tests
+ Improved mime type parsing
+ Several sharing fixes
+ Offer the option to change the password only supported by the backend
+ More robust auto language detection
+ Revoke DB rights on install only if the db is newly created
+ Fix rendering of database connection error page
+ LDAP: update quota more often
+ Multiple XSS vulnerabilities (oC-SA-2013-003)
+ Multiple CSRF vulnerabilities (oC-SA-2013-004)
+ PHP settings disclosure (oC-SA-2013-005)
+ Multiple code executions (oC-SA-2013-006)
+ Privilege escalation in the calendar application (oC-SA-2013-007)
+
+Version 4.0.12 Feb 20th 2013
+
+ Multiple XSS vulnerabilities (oC-SA-2013-003)
+ Multiple CSRF vulnerabilities (oC-SA-2013-004)
+ Multiple code executions (oC-SA-2013-006)
+
+Version 4.5.6 Jan 22th 2013
+
+ Improved language detection
+ Improved translations
+ Fix link to bugtracker
+ Several IE 6/7/8 fixes
+ SabreDAV updated to 1.6.6
+ Improved error reporting
+ Support special characters in mountpoint
+ Interpret http 403 and 401 as not authorized in user_webdavauth
+ Several fixes for special characters in files and folders
+ Improved PostgreSQL support
+ Check database names for valid characters
+ Fix default email address calculation
+ Remove debug output on send password page
+ Add SMTP port configuration option
+ Only show the max possible upload of 2GB on a 32 bit system
+ Show progress during file downloads
+ Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
+ Security: Fix Code execution in external storage: CVE-2013-0204
+ Security: Removed remoteStorage app because of unfixed security problems.
+
+Version 4.0.11 Jan 22th 2013
+
+ Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
+ Security: Removed remoteStorage app because of unfixed security problems.
+
+Version 4.5.5 Dec 20th 2012
+
+ Show drag and drop shadow for Firefox
+ Fix Knowledgebase under certain conditions
+ Fix setting of sharing password
+ Fix setting of sharing password
+ Several sharing fixes
+ Fixversioning during sharing
+ Fix mounting of external filesystems especially CIFS
+ Fix several PHP warnings
+ Show /Shared as standard directory
+ Fix session management for running several ownClouds on the same host
+ Fix WebDAV quota enforement
+ Fix CalDAV with LDAP users
+ Better warning about missing dependencies
+ Add warning about conflicting WebDAV auth and LDAP backend
+ Restore send sharing link my email
+ Fix encoding problem with mounting of CIFS filesystems
+ Fix mimetype icons for new files
+ Fix the folder size calculation
+ Fix for deleting multiple files
+ Fix for controling the data dir with LDAP
+ Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
+ Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
+
+Version 4.0.10 Dec 20th 2012
+
+ Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
+ Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
+
+Version 4.5.4 Dec 3th 2012
+
+ Fix a regression for system where output buffering is disabled
+ Fix a problem with old file versions stored in the filesystem cache
+ Fix group and subadmin ajax bug
+ Important LDAP fix
+ Improved Updater
+
+Version 4.5.3 Nov 27th 2012
+
+ Fix the new from url button
+ Fix a memory overflow with downloading of big files via WebDAV
+ Better error output in case of DB problems
+ Fix problems with uploading files who have special characters in the name
+ Improved reverse proxy and load balancer support
+ Fix wrong folder size calculation
+ Improved share link generation
+ Fix the syncing of the Shared folder
+ Fix Sharing by link from within Shared folder
+ Several LDAP integration fixes
+ Fix support for PostgreSQL
+ Several WebDAV fixes
+ Fix drag and drop uploading
+ Improved translations
+ Several Gallery fixes
+ Several Contacts fixes
+ Smaller fixes
+
+Version 4.5.2 Nov 14th 2012
+
+ Fix syncing of shared folder
+ Various sharing bugs fixed
+ Fix bug with deleting users
+ Fix check if resharing is allowed
+ Fix webdavauth app
+ Several ldap fixes
+ Fix data migration
+ Fix folder uploads
+ Fix generatino of etags
+ Fix user specific mount configuration
+ Several PostgreSQL fixes
+ Improved performance of file updates
+ Fix some php warnings
+ Fix filesize calculation
+ Add visual feedback if password is set
+ Various smaller fixes
+ Several critical security fixes
+ XSS vulnerability in user_webdavauth (oC-SA-2012-003)
+ Code Execution in /lib/migrate.php (oC-SA-2012-004)
+ Code Execution in /lib/filesystem.php (oC-SA-2012-005)
+
+Version 4.0.9 Nov 14th 2012
+
+ Several critical security fixes
+ Multiple XSS vulnerabilities (oC-SA-2012-001)
+ Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
+ Code Execution in /lib/migrate.php (oC-SA-2012-004)
+ Code Execution in /lib/filesystem.php (oC-SA-2012-005)
+
+Version 4.5.1 Oct 24th 2012
+
+ Fix path encoding in breadcrumb
+ Fix sharing of files with special characters
+ Fix upercase/lowercase probelm in usernames with WebDAV
+ Fix LDAP plugin with Postgres
+ Fix userID migration
+ Fix sharing of mounted Files
+ Delete userfiles after deleting a user
+ Make Webinterface work with nonstandard path
+ Fix retrieval of Quota, Email via LDAP
+ Show a warning in installer if .htaccess is not working
+ Fix Shared folder caching
+ Increase security by using openssl random number generator
+ Fix syncing of rollback files
+ Fix the swift files backend
+ Disallow user to delete own account
+ Security: Fix multiple XSS vulnerabilities (oC-SA-2012-001)
+ Security: Fix a timing attack in the “Lost Password” implementation (oC-SA-2012-002)
+ Various smaller fixes
+
+Version 4.5.0 Oct 10th 2012
+
+ Faster Syncing
+ Sub Administrators
+ GUI for mounting of external storage
+ Improved File Versioning
+ Enhanced Sharing
+ Reworked LDAP
+ Big File Chunking
+
+Version 4.0.8 Oct 10th 2012
+
+ Show Login Button when user and password are autocompleted
+ Sanitize LDAP base, user and groups
+ Security: Fix for insufficiently Random Values (CVE-2008-4107)
+ Security: Fixed multiple XSS vulnerabilities (CVE-2012-5056)
+ Security: Fixed a HTTP header injection (CVE-2012-5057)
+ Security: Fixed an Auth bypass in /lib/base.php (CVE-2012-5336)
+
+Version 4.0.7 Aug 15th 2012
+
+ Show Login Button when user and password are auto-completed
+ Sanitize LDAP base, user and groups
+ Fix non active Adressbooks
+ Calendar: Remove double html encoding
+ Fix label for versioning in admin settings
+ Add parent directory into filecache if it doesn´t exist
+ Handle non writable files correctly
+ Disable webfinger completely if not activated
+ Security: Disable user listings in DAV (CVE-2012-4390)
+ Security: Check file blacklist for file renames (CVE-2012-4389)
+ Security: CSRF fix for appconfig.php (CVE-2012-4391)
+ Security: Validate cookie to prevent auth bypasses (CVE-2012-4392)
+ Special thanks to Julien Cayssol for reporting several security problems
+
+Version 4.0.6 Aug 1th 2012
+
+ More robust LDAP integration during unexpected collisions
+ Fix sharing for users with @ in username
+ Additional error handling for emailing of private links
+ Cleanup old session files
+ Fix user space calculation
+ Fix Ampache authentication
+ Remove delete tipsy if file is deleted
+ Don´t delete lot´s of session files during DAV requests
+ Fix error when no adressbook is created
+ Check if php-ldap is installed
+ Security: Check for Admin user in appconfig.php (CVE-2012-4752)
+ Security: Several CSRF security fixes (CVE-2012-4393)
+
+Version 4.0.5 July 20th 2012
+
+ Fix remember the username and autologin
+ Offer an option to allow sharing outside the group.
+ Fix for birthday format
+ Fixes for several encoding fixes for unicode characters
+ Fix invalid filesystem cache in the sharing folder
+ Several calendar and contacts fixes
+ Fix sending of emails
+ Several fixes in the system log
+ Several fixes for the external filesystem feature
+ Security: Fix a reflected XSS (CVE-2012-4394)
+
+Version 4.0.4 June 28th 2012
+
+ Fix assigning several groups to a user.
+ Fix LDAP connector with AD servers
+ Conserve some memory in Contacts App
+ Fix a warning in Gallery when deleting files
+ Fix a bug in the music scanner
+
+Version 4.0.3 June 23rd 2012
+
+ Added a check if the .htaccess file is working and the data directory is protected or not.
+ Added a check if a user is allowed to edit a bookmark or not.
+ Fix the bookmarklet
+ Fix the timezone in the datepicker
+ Fix mimetype detection for cdr files
+ Fix the filecache for the /Shared folder
+ Fix a potential data corruption bug in the encryption app
+ Don´t show other users filenames during filesystem cache rebuild
+ Security: Fix several XSS bugs (CVE-2012-4395)
+ Performance improvements for WebDAV and Desktop Syncing
+ Fix quota calculation
+ Improve the LDAP integration and group management
+ Fix problems with the pdf viewer
+ Fix user account migration
+ Implement several CSRF security checks
+ Fix a gallery bug where first picture is repeated in the last picture.
+ Lot´s of calendar fixes
+ Fix problem with “/” in filenames
+ Updated translations
+ Several fixes in Contacts
+ Lot´s of fixes in the Tasks App
+ Fix a bug in the filesystem cache with ghost entries
+
+Version 4.0.2 June 11th 2012
+
+ Lot’s of gallery fixes
+ More 3rd party apps visible
+ Fixed update notifications
+ Several calendar fixes
+ Several XSS fixes in calendar (CVE-2012-4396)
+ Several improvements in contacts
+ Fix infinite redirect during setup for windows hosts
+ Several XSS fixes in contacts (CVE-2012-4396)
+ New user password salting
+ Several LDAP fixes
+ Fix duplicate emails in sharing
+ Improved compatibility with Android browser
+ Fixed calendar links
+ Fixed logging
+ Allow “/” in filenames
+ Updated translations
+ Fixed reverse proxy and custom hosts configuration
+ Fix contact photo editing
+ Don’t allow renaming, deleting and resharing of shared folder
+
+Version 4.0.1 June 4th 2012
+
+ Verify if user exists when loggin (oc-863)
+ More efficient log file handling
+ PDO requirement check
+ Check if apps folder is writable
+ prevent division by zero problem during output of free space
+ better mysql error message
+ correctly configure ldap group backend (oc-887)
+ sort users and groups (oc-779)
+ LDAP. correctly handle group filter (oc-867)
+ try to switch magic quotes of globally
+ fix ategory error reporting (oc-874)
+ correctly handle reverse proxy / load balancer https handling
+ prevent session already started warning
+ fix the files breadcrumb
+ don’t try to use smtp auth if config files says no
+ fix versioning path
+ security: fix a XSS problem in calendar
+ make LDAP pqsql compatible
+ fix pqsql database migration
+ fix ldap config interface
+ support for LDAP “member”
+ don’t hardcode /tmp
+ fix potential security problem for requested apps parameter
+ fix notes in contacts properly
+ fix timezone detection
+ fix interti_id in calendar
+ set DB prefix for pqsql
+ security: fix a XSS problem in contacts
+ correctly encode caldav link
+ allow longer path in gallery
+ disable not compatible apps during upgrade
+ fix HEAD request for downloads
+ fix private link sharing via email
+ use UTC as default timezone
+ style fixes for tasks app
+
+Version 4.0.0 May 22nd 2012
+
+ File Encryption
+ File Versioning
+ Mounting of external Filesystems (experimental)
+ TODOs App
+ Drag & Drop File Uploading
+ Shared Calendars
+ Calendar categories
+ Hugely improved contacts app including groups
+ Improved WebDAV, CalDAV, CardDAV compatibility
+ Movable Apps
+ Improved External App
+ Improved Sharing of Files
+ Overall Performance Improvements
+ System/User Exporting/Importing
+ User/Groups support via LDAP/AD
+ Viewer for ODF Files
+ Improved Photo Gallery
+ Improved installation of 3rd Party Apps
+ Logging via syslog
+ New public API for App developers
+ Lots of bug fixes, smaller enhancements and UX improvements.
+
+Version 3.0.3 April 27th 2012
+
+ Security: Several CSRF fixes
+ Security: .htaccess uploading blacklist
+ Backport link in the Help center to the online documentatio
+ Backport link in the Help center to the “Big Files” howto
+ Check if JSon module is installed
+ Check if GD module is installed
+
+Version 3.0.2 April 11th 2012
+
+ Drag and Drop fixed
+ Fixed Sharing for LDAP Users
+ Fix loading of LDAP Plugin
+ Security: Make password hashes more random
+ Security: Fix a XXS problem
+ Multiple bugfixes
+
+Version 3.0.1 April 3rd 2012
+
+ Fixes for big file uploads
+ Performance improvements for WebDAV
+ IE8 fixes
+ Several small bugfixes
+
+Version 3.0 January 31st 2012, Release Announcement
+
+ Text editor
+ Improved photo gallery
+ Improved calendar view
+ PDF viewer
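Review bot: Security entries in this file are labelled inconsistently, so a search for security fixes will miss some of them. Some use "SECURITY:", some use "Security:" or "security:", and others have no label at all, for example "XSS vulnerability in jPlayer (oC-SA-2013-014)" under 5.0.4 and "Contacts: SQL Injection (oC-SA-2013-012)" under 5.0.1. If the text is meant to stay a verbatim upstream copy, say so and record the source and retrieval date in the packaging; otherwise normalize the label. Other points worth reporting upstream or correcting:

- oC-SA-2013-018 is described as "Authentication bypass in Contacts" under 5.0.5 but "in calendar" under 4.5.10.
- "Fix setting of sharing password" appears twice under 4.5.5.
- The 3.0 heading ends in ", Release Announcement", which looks like link text left over from a web page.
- The file mixes typographic quotes and acute accents used as apostrophes ("doesn´t", "Lot´s"), so its encoding should be confirmed as UTF-8 before it ships in the package.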
--
owncloud.git