znuny (6.5.11-1~bpo12+1) bookworm-backports; urgency=medium * Rebuild for bookworm-backports. -- Patrick Matthäi Tue, 08 Oct 2024 11:00:31 +0200 znuny (6.5.11-1) unstable; urgency=medium * New upstream release. - Adjust debian/rules. -- Patrick Matthäi Wed, 02 Oct 2024 11:27:13 +0200 znuny (6.5.10-1) unstable; urgency=medium * New upstream release. - Adjust lintian overrides. * Bump Standards-Version to 4.7.0. -- Patrick Matthäi Wed, 24 Jul 2024 16:01:54 +0200 znuny (6.5.9-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Mon, 08 Jul 2024 14:00:11 +0200 znuny (6.5.8-1) unstable; urgency=high * New upstream release. - Fixes CVE-2024-32493: Fixed SQL injection issue regarding Form IDs when cleaning up drafts. - Fixes CVE-2024-32491: Fixed security issue with uploading files that could be placed to any writable location and used for remote code execution. -- Patrick Matthäi Fri, 19 Apr 2024 16:09:51 +0200 znuny (6.5.6-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Mon, 05 Feb 2024 11:06:00 +0100 znuny (6.5.5-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Wed, 13 Dec 2023 15:14:42 +0100 znuny (6.5.4-1) unstable; urgency=medium * New upstream release. * Watch 6.x releases. -- Patrick Matthäi Thu, 24 Aug 2023 11:36:56 +0200 znuny (6.5.3-1) unstable; urgency=high * New upstream release. - This fixes CVE-2023-38060: Host header injection by attachments in web service. * Update debian/copyright. * Add znuny Debian package for the upcoming transition to it. * Adjust lintian overrides. -- Patrick Matthäi Fri, 28 Jul 2023 11:20:15 +0200 znuny (6.5.1-1) unstable; urgency=medium * New upstream release. - Add new dependency on libical-parser-perl. * Add 6.4 and 6.5 migration scripts. * On purge also delete backups folder. -- Patrick Matthäi Mon, 13 Mar 2023 15:05:51 +0100 znuny (6.4.5-2) unstable; urgency=medium * Add missing dependency on liblocale-codes-perl. -- Patrick Matthäi Thu, 12 Jan 2023 11:09:17 +0100 znuny (6.4.5-1) unstable; urgency=high * New upstream release. - Fixed SQL injection in TicketSearch.pm (CVE-2022-4427). * Bump Standards-Version to 4.6.2. -- Patrick Matthäi Wed, 21 Dec 2022 11:24:42 +0100 znuny (6.4.4-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Thu, 15 Dec 2022 11:09:20 +0100 znuny (6.4.3-1) unstable; urgency=medium * New upstream release. - Adjust schema file names. -- Patrick Matthäi Wed, 21 Sep 2022 15:26:22 +0200 znuny (6.4.2-2) unstable; urgency=medium * Adjust renamed lintian tag name in override. * Adjust lintian overrides. -- Patrick Matthäi Wed, 14 Sep 2022 14:38:18 +0200 znuny (6.4.2-1) unstable; urgency=medium * New upstream release. - Rewrite patch 08-usable-apache-config. - Adjust lintian overrides. * Add 6.1.2 migration scripts. * Add 6.3.1 migration scripts. * Add libcrypt-jwt-perl and libhash-merge-perl as dependencies. -- Patrick Matthäi Mon, 01 Aug 2022 11:54:23 +0200 znuny (6.3.4-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.6.1. -- Patrick Matthäi Wed, 22 Jun 2022 14:50:13 +0200 znuny (6.3.3-1) unstable; urgency=medium * New upstream release. * Uploading to unstable. -- Patrick Matthäi Thu, 05 May 2022 09:42:42 +0200 znuny (6.3.2-3) experimental; urgency=medium * Revert: Rename XS-Autobuild to just Autobuild. -- Patrick Matthäi Wed, 27 Apr 2022 10:29:35 +0200 znuny (6.3.2-2) experimental; urgency=medium * Rename source package to znuny. -- Patrick Matthäi Wed, 27 Apr 2022 09:54:45 +0200 otrs2 (6.3.2-1) unstable; urgency=medium * New upstream release. * Adjust lintian overrides. * Rename XS-Autobuild to just Autobuild. -- Patrick Matthäi Thu, 21 Apr 2022 14:02:59 +0200 otrs2 (6.3.1-1) unstable; urgency=medium * New upstream release. Closes: #1006973 - Add migration scripts for 6.3.1. * Add libdata-uuid-perl, libcss-minifier-xs-perl, libjavascript-minifier-xs-perl and libspreadsheet-xlsx-perl as dependency. * Hack and integrate the older 6.2 migrations scripts to ensure a safe upgrade from 6.0/6.1 to 6.3. -- Patrick Matthäi Fri, 11 Mar 2022 13:41:28 +0100 otrs2 (6.2.2-2) unstable; urgency=medium * Execute migration scripts for version 6.2.2. -- Patrick Matthäi Fri, 17 Dec 2021 09:40:39 +0100 otrs2 (6.2.2-1) unstable; urgency=medium * New upstream release. - Remove patch 07-otrs-business-check. -- Patrick Matthäi Fri, 17 Dec 2021 09:15:54 +0100 otrs2 (6.2.1-1) unstable; urgency=medium * New upstream release. - Adjust installed files. * Adjust debian/watch URL. * Adjust lintian overrides. -- Patrick Matthäi Fri, 29 Oct 2021 11:44:38 +0200 otrs2 (6.1.2-1) unstable; urgency=high * New upstream release. - Fixes CVE-2021-36096 and CVE-2021-36094. Closes: #993846 - Add 6.1.1 database upgrade scripts. - Remove patch 02-deactivate-cron-migrate. - Add new dependency libtext-diff-formattedhtml-perl. * Drop otrs meta package. * Remove deprecated database upgrade scripts. * Adjust lintian overrides. * Use which for test statement in postrm. -- Patrick Matthäi Thu, 14 Oct 2021 15:46:42 +0200 otrs2 (6.0.36-2) unstable; urgency=medium * Bump Standards-Version to 4.6.0. * Uploading to unstable. -- Patrick Matthäi Wed, 01 Sep 2021 17:01:00 +0200 otrs2 (6.0.36-1) experimental; urgency=medium * New upstream release. - Drop merged patches 13-CVE-2021-21252, 14-ZSA-2021-03, 15-ZSA-2021-06, 16-CVE-2021-36091, 17-CVE-2021-21440 and 18-CVE-2021-21443. * Adjust lintian overrides. -- Patrick Matthäi Fri, 06 Aug 2021 13:46:33 +0200 otrs2 (6.0.32-6) unstable; urgency=high * Add upstream patches to fix CVE-2021-36091, CVE-2021-21440 and CVE-2021-21443. Closes: #991593 -- Patrick Matthäi Thu, 05 Aug 2021 10:37:30 +0200 otrs2 (6.0.32-5) unstable; urgency=high * Add upstream patch 14-ZSA-2021-03: There is a denial of service issue, when a mail with a special crafted url is received. This can lead to a maxout of the available server-CPU(s) and can reduce the quality of service or even bring the system to a halt. This addresses CVE-2021-21439. Closes: #989992 * Add upstream patch 15-ZSA-2021-06: There is a XSS vulnerability in the ticket overviews, which can used to extract all kind of information just by having a e-mail shown in an overview. An attacker can send a prepared e-mail to the system to trigger the attack. This addresses CVE-2021-21441. Closes: #989992 -- Patrick Matthäi Fri, 18 Jun 2021 15:10:23 +0200 otrs2 (6.0.32-4) unstable; urgency=high * Add upstream patch to update jquery-validate from version 1.16.0 to 1.19.3. This fixes CVE-2021-21252. Closes: #980891 -- Patrick Matthäi Wed, 05 May 2021 10:36:52 +0200 otrs2 (6.0.32-3) unstable; urgency=medium * debian/watch: Adjust github URL. * Adjust symlinks to the dejavu fonts and remove obsolete ARCHIVE symlink. Closes: #985751 -- Patrick Matthäi Fri, 09 Apr 2021 10:50:35 +0200 otrs2 (6.0.32-2) unstable; urgency=medium * Uploading to unstable. -- Patrick Matthäi Tue, 02 Mar 2021 20:08:29 +0100 otrs2 (6.0.32-1) experimental; urgency=medium * New upstream release. - Switch to Znuny fork so we still get security updates. Closes: #982927 -- Patrick Matthäi Mon, 01 Mar 2021 11:37:29 +0100 otrs2 (6.0.30-2) unstable; urgency=medium * Bump Standards-Version to 4.5.1. * Update debian/watch file standard to version 4. * Adjust lintian overrides. -- Patrick Matthäi Thu, 19 Nov 2020 14:59:19 +0100 otrs2 (6.0.30-1) unstable; urgency=high * New upstream release. - Fixes CVE-2020-11023 and CVE-2020-11022, also known as OSA-2020-14: OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting (XSS). * Adjust lintian overrides. -- Patrick Matthäi Mon, 12 Oct 2020 10:31:12 +0200 otrs2 (6.0.29-1) unstable; urgency=high * New upstream release. - Fixes CVE-2020-1776, also known as OSA-2020-13: When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session can not be used to access ticket data in the case the agent is invalid. * Add missing dependency on libmoo-perl. * Adjust many lintian overrides. * Replace shebangs with /usr/bin/perl. * Don't install examples anymore. -- Patrick Matthäi Tue, 21 Jul 2020 10:25:01 +0200 otrs2 (6.0.28-2) unstable; urgency=high * Replace old ttf-dejavu dependencies with fonts-dejavu-extra and adjust the paths to the fonts. Closes: #961390 -- Patrick Matthäi Tue, 02 Jun 2020 10:07:56 +0200 otrs2 (6.0.28-1) unstable; urgency=high * New upstream release. - Fixes CVE-2020-1774, also known as OSA-2020-11: When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it’s possible to mix them and to send private key to the third-party instead of public key. Closes: #959448 * Add new dependency libmath-random-secure-perl. * Upgrade to debhelper-compat 13. -- Patrick Matthäi Mon, 04 May 2020 13:32:51 +0200 otrs2 (6.0.27-1) unstable; urgency=high * New upstream release. - Fixes CVE-2020-1773, also known as OSA-2020-10: It is possible that an authenticated user guess other session IDs based on its own. Also it is possible to guess a password reset token or an automated password generated. -- Patrick Matthäi Tue, 31 Mar 2020 10:46:34 +0200 otrs2 (6.0.26-1) unstable; urgency=high * New upstream release. - Fixes CVE-2019-11358, also known as OSA-2020-05: OTRS use jquery version 3.2.1, which is vulnerable to the prototype pollution attack. -- Patrick Matthäi Fri, 07 Feb 2020 15:27:15 +0100 otrs2 (6.0.25-3) unstable; urgency=high * New version with pre-built binaries. -- Patrick Matthäi Fri, 31 Jan 2020 09:20:15 +0100 otrs2 (6.0.25-2) unstable; urgency=medium * Adjust lintian overrides. * Bump Standards-Version to 4.5.0. -- Patrick Matthäi Thu, 23 Jan 2020 16:33:10 +0100 otrs2 (6.0.25-1) unstable; urgency=high * New upstream release. - Fixes CVE-2020-1767, also known as OSA-2020-03: Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. -- Patrick Matthäi Mon, 20 Jan 2020 11:21:00 +0100 otrs2 (6.0.24-1) unstable; urgency=high * New upstream release. - Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. - Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into an endless loop by providing filenames with overly long extensions. This applies to the PostMaster (sending in email) and also upload (attaching files to mails, for example). Closes: #945251 * Add dependency on package libcpan-audit-perl. * Use the new debhelper-compat notation, and drop the d/compat file. -- Patrick Matthäi Fri, 27 Dec 2019 10:51:52 +0100 otrs2 (6.0.23-2) unstable; urgency=medium * Build binary packages. -- Patrick Matthäi Fri, 11 Oct 2019 10:20:09 +0200 otrs2 (6.0.23-1) unstable; urgency=high * New upstream release. - Fixes CVE-2019-16375, also known as OSA-2019-13: An attacker who is logged into OTRS as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent compose an answer to the original article. - Refresh patch 03-backup. - Rewrite patch 04-opt. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 12-font-paths. * Add Rules-Requires-Root no field. * Bump Standards-Version to 4.4.1. -- Patrick Matthäi Mon, 07 Oct 2019 11:48:10 +0200 otrs2 (6.0.22-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Mon, 02 Sep 2019 12:54:14 +0200 otrs2 (6.0.21-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Wed, 28 Aug 2019 14:57:13 +0200 otrs2 (6.0.20-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.4.0. -- Patrick Matthäi Fri, 12 Jul 2019 10:13:22 +0200 otrs2 (6.0.19-1) unstable; urgency=medium * New upstream release. - Fixes OSA-2019-08, also known as CVE-2019-12248: An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. - Fixes OSA-2019-09, also known as CVE-2019-12497: In the customer or external frontend, personal information of agents can be disclosed like name and mail address in external notes. * Merge 6.0.16-2 changelog. -- Patrick Matthäi Thu, 06 Jun 2019 10:45:46 +0200 otrs2 (6.0.18-1) unstable; urgency=high * New upstream release. - Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. - Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. - Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. -- Patrick Matthäi Fri, 26 Apr 2019 11:00:38 +0200 otrs2 (6.0.17-1) unstable; urgency=medium * New upstream release. - Fixes OSA-2019-02: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. -- Patrick Matthäi Fri, 08 Mar 2019 14:49:17 +0100 otrs2 (6.0.16-2) buster; urgency=high * Add patch 13-OSA-2019-02, which fixes OSA-2019-02, also known as CVE-2019-9751: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. * Add patch 16-OSA-2019-06, which fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. * Add patch 15-OSA-2019-05, which fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. * Add patch 14-OSA-2019-04, which fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. -- Patrick Matthäi Thu, 09 May 2019 11:06:21 +0200 otrs2 (6.0.16-1) unstable; urgency=high * New upstream release. - This release fixes OSA-2019-01: An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. * Bump debian/compat to level 12. -- Patrick Matthäi Fri, 18 Jan 2019 13:16:27 +0100 otrs2 (6.0.15-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.3.0. -- Patrick Matthäi Thu, 27 Dec 2018 11:59:21 +0100 otrs2 (6.0.14-1) unstable; urgency=high * New upstream release. - Fixes OSA-2018-10: Users updating to OTRS 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. -- Patrick Matthäi Thu, 15 Nov 2018 11:15:54 +0100 otrs2 (6.0.13-1) unstable; urgency=high * New upstream release. - Fixes OSA-2018-07: An attacker who is logged into OTRS as a user may manipulate the submission form to cause deletion of arbitrary files that the OTRS web server user has write access to. - Fixes OSA-2018-08: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. - Fixes OSA-2018-09: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. * Correct instructions to use the package manager. Closes: #909160 * Merge 6.0.12-1~bpo9+1 and 5.0.16-1+deb9u6 changelog. -- Patrick Matthäi Fri, 09 Nov 2018 10:22:44 +0100 otrs2 (6.0.12-1~bpo9+1) stretch-backports; urgency=medium * Rebuild for stretch-backports. -- Patrick Matthäi Fri, 12 Oct 2018 09:42:48 +0200 otrs2 (6.0.12-1) unstable; urgency=high * New upstream release. - Fixes CVE-2018-17883, also known as OSA-2018-06: An attacker could send an email with a malicious link to an OTRS system or an agent. If a logged in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. * Add XS-Autobuild yes to debian/control. * Adjust lintian overrides. * Correct 6.0.11-1 changelog about the fixed CVEs. * Merge 6.0.11-1~bpo9+1 changelog. * Remove extra documentation files. -- Patrick Matthäi Tue, 09 Oct 2018 12:00:19 +0200 otrs2 (6.0.11-1~bpo9+1) stretch-backports; urgency=medium * Rebuild for stretch-backports. -- Patrick Matthäi Mon, 24 Sep 2018 10:53:52 +0200 otrs2 (6.0.11-1) unstable; urgency=high * New upstream release. - Fixes CVE-2018-16587, also known as OSA-2018-04: An attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. - Fixes CVE-2018-16586, also known as OSA-2018-05: An attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. * Bump Standards-Version to 4.2.1. * Correct outdated SetPermissions example in README.Debian. Closes: #909160 -- Patrick Matthäi Fri, 21 Sep 2018 16:21:29 +0200 otrs2 (6.0.10-1) unstable; urgency=medium * New upstream release. * Merge 6.0.9-1~bpo9+1 changelog. -- Patrick Matthäi Tue, 31 Jul 2018 10:31:17 +0200 otrs2 (6.0.9-1~bpo9+1) stretch-backports; urgency=medium * Rebuild for stretch-backports. -- Patrick Matthäi Tue, 31 Jul 2018 09:14:35 +0200 otrs2 (6.0.9-1) unstable; urgency=medium * New upstream release. * Do not run the database upgrade script in non-interactive mode, because a working database upgrade requires some questions and answers about the used timezone. * Correct Backups directory permissions before calling setup_database. * Bump Standards-Version to 4.1.5. * Adjust lintian overrides. * Add non-free disclaimer to debian/copyright. -- Patrick Matthäi Thu, 26 Jul 2018 14:46:46 +0200 otrs2 (6.0.8-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Tue, 12 Jun 2018 10:59:58 +0200 otrs2 (6.0.7-1) unstable; urgency=medium * New upstream release. * Use new libsisimai-perl Debian package. Closes: #887514 * Bump Standards-Version to 4.1.4. * OTRS 6.x is compatible with GPG2. Closes: #890544 -- Patrick Matthäi Mon, 07 May 2018 16:35:31 +0200 otrs2 (6.0.6-1) unstable; urgency=medium * New upstream release. * Correct renamed lintian tag. * Move lintian-overrides file to source directory. -- Patrick Matthäi Thu, 15 Mar 2018 15:38:44 +0100 otrs2 (6.0.5-1) unstable; urgency=medium * New upstream release. - Rewrite patch 03-backup. -- Patrick Matthäi Thu, 15 Feb 2018 10:36:17 +0100 otrs2 (6.0.4-1) unstable; urgency=medium * New upstream release. * Add dependency on libclass-accessor-lite-perl. Closes: #887518 * Bump Standards-Version to 4.1.3 (no changes required). * Bump debian/compat to level 11. * Temporary install Sisimai Perl module to work around #887514 until this module is packaged. * Adjust otrs2.docs installation. * Adjust lintian overrides. -- Patrick Matthäi Wed, 24 Jan 2018 14:49:12 +0100 otrs2 (6.0.3-1) unstable; urgency=high * New upstream release. - This fixes OSA-2017-10, also known as CVE-2017-17476: A session hijacking vulnerability. Closes: #884801 * Merge 3.3.18-1+deb8u3, 3.3.18-1+deb8u4, 5.0.16-1+deb9u4 and 5.0.16-1+deb9u5 changelog. * Bump Standards-Version to 4.1.2 (no changes required). -- Patrick Matthäi Wed, 20 Dec 2017 09:25:55 +0100 otrs2 (6.0.2-1) unstable; urgency=high * New upstream release. - This release fixes OSA-2017-08, also known as CVE-2017-16854. - Refresh patch 06-no-installer. * Merge 5.0.16-1+deb9u4 changelog. -- Patrick Matthäi Thu, 07 Dec 2017 14:05:54 +0100 otrs2 (6.0.1-1) unstable; urgency=low * New upstream release. - Remove patch 02-dbupdate-as-root. - Rewrite patch 03-backup. - Rewrite patch 04-opt. - Rewrite patch 06-no-installer. - Rewrite patch 07-otrs-business-check. - Rewrite patch 09-disable-DashboardProductNotify. - Rewrite patch 11-do-not-test-file-writes. - Rewrite patch 12-font-paths. - Remove now useless empty directories for SQL upgrade scripts. - Add new dependencies libcrypt-ssleay-perl, libxml-simple-perl, libxml-libxml-simple-perl and libdatetime-perl. * Merge 5.0.24-1~bpo9+1 changelog. * Rename patch 14-font-paths to 12-font-paths. * Do not use yui-compressor anymore. * Remove deprecated otrs2.maintscript. * Remove deprecated MySQL upgrade notice from README.Debian. * Remove deprecated replaces and breaks from debian/control. * Adjust fonts-font-awesome paths. * Adjust debian/copyright. * Adjust source-contains-prebuilt-javascript-object lintian overrides. * Remove deprecated database scripts and install new 6.0 ones. * Add patch 02-deactivate-cron-migrate to disable the automatic cronjob migration on upgrading from version 5. * Kill otrs.Daemon processes on purge before trying to delete the user. * Reorder packaging. * Add new Config/Backups directory. -- Patrick Matthäi Fri, 01 Dec 2017 11:43:12 +0100 otrs2 (5.0.24-1~bpo9+1) stretch-backports; urgency=high * Rebuild for stretch-backports. -- Patrick Matthäi Thu, 30 Nov 2017 09:54:44 +0100 otrs2 (5.0.24-1) unstable; urgency=high * New upstream release. - This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. Closes: #882370 * Merge 3.3.18-1+deb8u1, 3.3.18-1+deb8u2, 5.0.16-1+deb9u2, 5.0.16-1+deb9u3 and 5.0.23-1~bpo9+1 changelog. * Use secure URI in debian/watch and for the homepage field. * Bump Standards-Version to 4.1.1 (no changes required). -- Patrick Matthäi Wed, 22 Nov 2017 16:33:29 +0100 otrs2 (5.0.23-1~bpo9+1) stretch-backports; urgency=medium * Rebuild for stretch-backports. -- Patrick Matthäi Wed, 08 Nov 2017 10:41:38 +0100 otrs2 (5.0.23-1) unstable; urgency=high * New upstream release. - This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is logged into OTRS as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead to serious problems like privilege escalation, data loss, and denial of service. Closes: #876462 - Refresh patch 07-otrs-business-check. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 14-font-paths. * Bump Standards-Version to 4.1.0 (no changes required). -- Patrick Matthäi Thu, 28 Sep 2017 10:42:32 +0200 otrs2 (5.0.22-1) unstable; urgency=medium * New upstream release. * Merge 5.0.21-1~bpo9+1 changelog. * Add dependency on libmodule-refresh-perl. * Bump debian/compat to level 10. * Override embedded-javascript-library lintian warnings. The libraries are not replaceable with the Debian versions. -- Patrick Matthäi Wed, 02 Aug 2017 09:57:31 +0200 otrs2 (5.0.21-1~bpo9+1) stretch-backports; urgency=medium * Rebuild for stretch-backports. -- Patrick Matthäi Mon, 24 Jul 2017 12:37:53 +0200 otrs2 (5.0.21-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.0.0 (no changes required). -- Patrick Matthäi Tue, 18 Jul 2017 15:35:45 +0200 otrs2 (5.0.20-1) unstable; urgency=high * New upstream release. - This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 * Remove obsolete symlink for jquery-ui. Closes: #864175 * Merge 3.3.9-3+deb8u1 and 5.0.16-1+deb9u1 changelog. -- Patrick Matthäi Thu, 08 Jun 2017 10:39:18 +0200 otrs2 (5.0.19-1) unstable; urgency=low * New upstream release. * Uploading to unstable. -- Patrick Matthäi Tue, 09 May 2017 09:35:01 +0200 otrs2 (5.0.18-1) experimental; urgency=low * New upstream release. - Rewrite patch 03-backup. -- Patrick Matthäi Fri, 31 Mar 2017 10:08:13 +0200 otrs2 (5.0.17-1) unstable; urgency=low * New upstream release. * Merge 5.0.16-1~bpo8+1 changelog. -- Patrick Matthäi Thu, 09 Mar 2017 14:56:10 +0100 otrs2 (5.0.16-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Mon, 06 Feb 2017 10:35:25 +0100 otrs2 (5.0.16-1+deb9u6) stretch-security; urgency=high * Add patch 21-OSA-2018-03: This fixes OSA-2018-03, also known as CVE-2018-14593: An attacker who is logged into OTRS as a user may escalate their privileges by accessing a specially crafted URL. * Add patch 22-OSA-2018-04: This fixes OSA-2018-04, also known as CVE-2018-16587: An attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. * Add patch 23-OSA-2018-05: This fixes OSA-2018-05, also known as CVE-2018-16586: An attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. -- Patrick Matthäi Fri, 12 Oct 2018 13:45:33 +0200 otrs2 (5.0.16-1+deb9u5) stretch-security; urgency=high * Add patch 20-OSA-2017-10: This fixes OSA-2017-10: An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agent’s session. -- Patrick Matthäi Tue, 19 Dec 2017 10:56:05 +0100 otrs2 (5.0.16-1+deb9u4) stretch-security; urgency=high * Add patch 19-CVE-2017-16921: This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user. Closes: #883774 * Add patch 18-CVE-2017-16854: This fixes OSA-2017-08, also known as CVE-2017-16854: An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal article information of their customer tickets. -- Patrick Matthäi Thu, 07 Dec 2017 13:51:47 +0100 otrs2 (5.0.16-1+deb9u3) stretch-security; urgency=high * Add patch 17-CVE-2017-16664: This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. Closes: #882370 -- Patrick Matthäi Wed, 22 Nov 2017 15:16:23 +0100 otrs2 (5.0.16-1+deb9u2) stretch-security; urgency=high * Add patch 16-CVE-2017-14635: This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is logged into OTRS as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead to serious problems like privilege escalation, data loss, and denial of service. Closes: #876462 -- Patrick Matthäi Mon, 06 Nov 2017 15:22:44 +0100 otrs2 (5.0.16-1+deb9u1) stretch-security; urgency=high * Add patch 15-CVE-2017-9324: This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 -- Patrick Matthäi Thu, 08 Jun 2017 10:29:28 +0200 otrs2 (5.0.16-1) unstable; urgency=low * New upstream release. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 14-font-paths. -- Patrick Matthäi Tue, 24 Jan 2017 12:31:59 +0100 otrs2 (5.0.15-1) unstable; urgency=medium * New upstream release. - Refresh patch 01-cron. - Refresh patch 03-backup. - Refresh patch 07-otrs-business-check. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 14-font-paths. * Merge 5.0.14-1~bpo8+1 changelog. -- Patrick Matthäi Mon, 19 Dec 2016 16:31:47 +0100 otrs2 (5.0.14-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Thu, 24 Nov 2016 11:40:53 +0100 otrs2 (5.0.14-1) unstable; urgency=high * New upstream release. - Fixes CVE-2016-9139, also known as OSA-2016-02: An attacker could trick an authenticated agent or customer into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context. Closes: #843091 * Adjust linitian overrides. -- Patrick Matthäi Wed, 09 Nov 2016 10:06:51 +0100 otrs2 (5.0.13-2) unstable; urgency=medium * Move package from main to non-free, because of the "browserified" issue as long as there is no way to replace all embedded javascript code copies safely (without introducing new issues as in the past) from the package. Closes: #695664, #836181 * Merge 5.0.13-1~bpo8+1 changelog. * Recommend default-mysql-client and default-mysql-server package. -- Patrick Matthäi Mon, 17 Oct 2016 10:25:02 +0200 otrs2 (5.0.13-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Wed, 05 Oct 2016 16:10:06 +0200 otrs2 (5.0.13-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Thu, 22 Sep 2016 10:22:35 +0200 otrs2 (5.0.12-1) unstable; urgency=medium * New upstream release. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 14-font-paths. -- Patrick Matthäi Fri, 12 Aug 2016 11:18:26 +0200 otrs2 (5.0.11-1) unstable; urgency=medium * New upstream release. - Refresh patch 07-otrs-business-check. - Refresh patch 08-usable-apache-config. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 14-font-paths. * Merge 5.0.10-1~bpo8+1 changelog. * Overwrite false positive lintian warning about prebuilt javascript object Core.UI.InputFields.UnitTest.js. * Remove GenericAgent.pm on purge. -- Patrick Matthäi Thu, 07 Jul 2016 09:55:45 +0200 otrs2 (5.0.10-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Tue, 24 May 2016 09:26:40 +0200 otrs2 (5.0.10-1) unstable; urgency=medium * New upstream release. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 14-font-paths. * Bump Standards-Version to 3.9.8 (no changes required). * Mangle repack in debian/watch. -- Patrick Matthäi Tue, 17 May 2016 12:53:34 +0200 otrs2 (5.0.9+repack1-1) unstable; urgency=medium * Revert usage of external ckeditor package, since it breaks OTRS. Create an new repack package. -- Patrick Matthäi Wed, 20 Apr 2016 11:44:47 +0200 otrs2 (5.0.9+dfsg1-1) unstable; urgency=medium * New upstream release. * Overwrite lintian warning about embedded-javascript-library libjs-jquery, because the Debian version is not compatible with OTRS. * Overwrite two false positive lintian warnings about prebuilt javascript objects (Core.UI.AdvancedChart.js and Core.Agent.CustomerSearch.js). -- Patrick Matthäi Fri, 08 Apr 2016 09:39:59 +0200 otrs2 (5.0.8+dfsg1-1) unstable; urgency=low * Merge 5.0.8-1~bpo8+1 changelog. * Create a dfsg1 release without ckeditor and use the system version of it. I cross the fingers that it will work like a charm and remove this again, if it broke again in the future. Closes: #814589 -- Patrick Matthäi Fri, 01 Apr 2016 09:42:04 +0200 otrs2 (5.0.8-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Thu, 24 Mar 2016 09:38:01 +0100 otrs2 (5.0.8-1) unstable; urgency=medium * New upstream release. - Refresh patch 11-do-not-test-file-writes. * Drop patch 10-nice-packagemanager-permissions-message. The error message will not be thrown to the webbrowser. -- Patrick Matthäi Thu, 17 Mar 2016 19:47:32 +0100 otrs2 (5.0.7-1) unstable; urgency=medium * New upstream release. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 10-nice-packagemanager-permissions-message. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 14-font-paths. * Merge 5.0.6-1~bpo8+1 changelog. * Bump Standards-Version to 3.9.7 (no changes required). * Do not overwrite source-contains-prebuilt-object lintian warnings. -- Patrick Matthäi Tue, 16 Feb 2016 13:20:26 +0100 otrs2 (5.0.6-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Tue, 26 Jan 2016 09:23:39 +0100 otrs2 (5.0.6-1) unstable; urgency=medium * New upstream release. - Refresh hunky patch 09-disable-DashboardProductNotify. - Refresh hunky patch 14-font-paths. -- Patrick Matthäi Tue, 19 Jan 2016 09:07:34 +0100 otrs2 (5.0.5-1) unstable; urgency=medium * New upstream release. * Add patch 07-otrs-business-check to deactivate OTRSBusinessEntitlementCheck and OTRSBusinessAvailabilityCheck cronjob in the default configuration, since they connect to cloud.otrs.com. Closes: #806263 -- Patrick Matthäi Wed, 16 Dec 2015 10:18:39 +0100 otrs2 (5.0.3-1) unstable; urgency=medium * New upstream release. * Do not use anymore embedded Lingua::Translit library and depend on liblingua-translit-perl. -- Patrick Matthäi Tue, 17 Nov 2015 13:34:27 +0100 otrs2 (5.0.2-1) unstable; urgency=medium * New upstream release. * Add dependency on new package libschedule-cron-events-perl. Closes: #803301 * Add dependency on libhtml-parser-perl. * Add dependency on libhtml-tagset-perl and libhtml-truncate-perl and remove the cpan-lib/HTML directory. -- Patrick Matthäi Thu, 05 Nov 2015 14:18:07 +0100 otrs2 (5.0.1-2) unstable; urgency=medium * Drop dependency on libjs-jquery-ui and the patches 12-use-debian-libjs-packages and 13-load-debian-libjs. Use again the embedded version. Closes: #802938 -- Patrick Matthäi Mon, 26 Oct 2015 18:13:00 +0100 otrs2 (5.0.1-1) unstable; urgency=medium * New upstream release. - Rewrite patch 01-cron, everything is working now with the new scheduler. - Use DB-Update-5 script in 02-dbupdate-as-root. - Refresh hunky patch 03-backup. - Rewrite patch 04-opt. - Rewrite patch 05-database. - Refresh hunky patch 06-no-installer. - Refresh hunky patch 09-disable-DashboardProductNotify. - Rewrite patch 10-nice-packagemanager-permissions-message. - Refresh hunky patch 11-do-not-test-file-writes. - Rewrite patch 12-use-debian-libjs-packages. - Rewrite patch 13-load-debian-libjs. - Refresh hunky patch 14-font-paths. - Adjust yui-compressor paths in debian/rules. - Adjust package descriptions for release 5. - Add new dependencies on libxml-libxml-perl and libxml-libxslt-perl. - Install and use new DBUpdate 5 schema files and script for upgrading. - Use new tool otrs.Console.pl, which replaced old scripts like otrs.CheckDB.pl, otrs.RebuildConfig and otrs.DeleteCache. - Adjust otrs2.install. * Merge 4.0.13-1~bpo8+1 changelog. * Do not suggest dropped otrs2-doc packages anymore. * Watch again all releases. * Import DBUpdate-to-4 from the last OTRS 4.0.13 release. * Remove obsolete stuff from debian/rules. * Remove auto_build directory. * Adjust debian/copyright. * Remove GenericAgent.pm from config file handling. * Install required Lingua cpan module. * Add dependency libpod-strip-perl. * Use otrs.Console.pl in otrs2.config to get database parameters. * Set additional new permissions on the configuration directory. * Create /run/otrs in cronjob, if it does not exist. -- Patrick Matthäi Fri, 23 Oct 2015 15:44:39 +0200 otrs2 (4.0.13-1~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. -- Patrick Matthäi Wed, 07 Oct 2015 10:24:37 +0200 otrs2 (4.0.13-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Thu, 01 Oct 2015 14:57:24 +0200 otrs2 (4.0.12-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Mon, 21 Sep 2015 13:50:33 +0200 otrs2 (4.0.11-1) unstable; urgency=medium * New upstream release. * Temporary only watch 4.x releases. -- Patrick Matthäi Fri, 28 Aug 2015 11:19:49 +0200 otrs2 (4.0.10-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi Thu, 16 Jul 2015 20:20:34 +0200 otrs2 (4.0.9-1) unstable; urgency=low * New upstream release. - Refresh hunky patch 11-do-not-test-file-writes. * Overwrite false positive lintian warning command-with-path-in-maintainer-script. -- Patrick Matthäi Tue, 07 Jul 2015 09:46:32 +0200 otrs2 (4.0.8-1) unstable; urgency=low * New upstream release. * Switch to DEP5 debian/copyright format. -- Patrick Matthäi Tue, 12 May 2015 20:02:51 +0200 otrs2 (4.0.7-2) unstable; urgency=low * Upload to unstable. -- Patrick Matthäi Wed, 29 Apr 2015 10:00:47 +0200 otrs2 (4.0.7-1) experimental; urgency=low * New upstream release. - Refresh hunky patch 08-usable-apache-config. * Merge 3.3.9-3~bpo70+1 changelog. * Also add virtual-mysql-server to suggests. Closes: #781975 -- Patrick Matthäi Mon, 13 Apr 2015 19:20:40 +0200 otrs2 (4.0.6-1) experimental; urgency=low * New upstream release. * Always set correct permissions on TicketCounter.log. -- Patrick Matthäi Tue, 24 Feb 2015 11:42:49 +0100 otrs2 (4.0.5-2) experimental; urgency=low * Do not install TicketCounter.log. * Add missing patch description to 11-do-not-test-file-writes. * Add lintian overrides for two false positives package-contains-broken-symlink warnings. -- Patrick Matthäi Sat, 14 Feb 2015 16:53:13 +0100 otrs2 (4.0.5-1) experimental; urgency=low * New upstream release. - Rewrite patch 03-backup. - Refresh hunky patch 04-opt. - Refresh hunky patch 06-no-installer. - Drop patch 07-dont-chown-links. - Refresh hunky patch 08-usable-apache-config. - Refresh hunky patch 09-disable-DashboardProductNotify. - Refresh hunky patch 10-nice-packagemanager-permissions-message. - Drop patch 11-fix-SetPermissions-to-include-some-more-dirs. - Refresh hunky patch 12-use-debian-libjs-packages. - Refresh hunky patch 13-load-debian-libjs.diff. - Refresh hunky patch 14-font-paths. - Add database update scripts for 4.0.3. - Add new dependencies libtemplate-perl and libgd-gd2-perl. * Add database update script for 3.3 from older tarball and drop patch 15-dbupdate-as-root. * Move Perl modules from suggests and recommends to depends. * Adjust long description that this is OTRS version 4. * Merge 3.1.7+dfsg1-8+deb7u5 changelog. * Use Debian version of FontAwesome.otf. * Add new dependencies on libcgi-pm-perl and libexcel-writer-xlsx-perl. * Add patch 11-do-not-test-file-writes which deactivates most file write checks in /usr/share/otrs. -- Patrick Matthäi Thu, 05 Feb 2015 17:00:30 +0100 otrs2 (3.3.18-1+deb8u4) jessie-security; urgency=high * Add patch 20-OSA-2017-10: This fixes OSA-2017-10: An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agent’s session. -- Patrick Matthäi Tue, 19 Dec 2017 10:55:46 +0100 otrs2 (3.3.18-1+deb8u3) jessie-security; urgency=high * Add patch 18-OSA-2017-08: This fixes OSA-2017-08, also known as CVE-2017-16854: An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal article information of their customer tickets. * Add patch 19-OSA-2017-09: This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user. Closes: #883774 -- Patrick Matthäi Wed, 13 Dec 2017 13:11:19 +0100 otrs2 (3.3.18-1+deb8u2) jessie-security; urgency=high * Add patch 16-OSA-2017-06 which fixes OSA-2017-06, also known as CVE-2017-15864: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the disclosure of any configuration information, including database credentials. * Add patch 17-OSA-2017-07 which fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. Closes: #882370 -- Patrick Matthäi Wed, 22 Nov 2017 15:03:02 +0100 otrs2 (3.3.18-1+deb8u1) jessie-security; urgency=high * New upstream release. - Refresh patches 03-backup, 04-opt, 05-database, 06-no-installer, 09-disable-DashboardProductNotify, 10-nice-packagemanager-permissions-message, 12-use-debian-libjs-packages, 13-load-debian-libjs, 14-font-paths and 15-dbupdate-as-root. - This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is logged into OTRS as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead to serious problems like privilege escalation, data loss, and denial of service. Closes: #876462 -- Patrick Matthäi Mon, 06 Nov 2017 15:08:08 +0100 otrs2 (3.3.11-1) experimental; urgency=low * New upstream release. - Fixes CVE-2014-9324, also known as OSA-2014-06. - Refresh hunky patch 03-backup. - Refresh hunky patch 07-dont-chown-links. - Refresh hunky patch 10-nice-packagemanager-permissions-message. - Refresh hunky patch 11-fix-SetPermissions-to-include-some-more-dirs. * Watch again all releases. * Do not install auto_build.sh. Closes: #772287 * Merge 3.3.9-3 changelog. -- Patrick Matthäi Thu, 18 Dec 2014 19:51:03 +0100 otrs2 (3.3.10-1) experimental; urgency=low * New upstream release. - Refresh hunky patch 03-backup. - non-free flash files have been removed. - Remove an extra license file. * Move database servers from recommends to suggest and add Postgres and MySQL clients to recommends. Closes: #767517 -- Patrick Matthäi Sun, 09 Nov 2014 21:45:26 +0100 otrs2 (3.3.9-3~bpo70+1) wheezy-backports; urgency=low * Rebuild for wheezy-backports. -- Patrick Matthäi Thu, 19 Mar 2015 10:20:44 +0100 otrs2 (3.3.9-3+deb8u1) jessie-security; urgency=high * Add patch 17-CVE-2017-9324: This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 -- Patrick Matthäi Wed, 07 Jun 2017 11:17:23 +0200 otrs2 (3.3.9-3) unstable; urgency=medium * Add patch 16-CVE-2014-9324.diff which fixes CVE-2014-9324, also known as OSA-2014-06: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured. -- Patrick Matthäi Thu, 18 Dec 2014 19:02:56 +0100 otrs2 (3.3.9-2) unstable; urgency=low * Drop libjs-jquery dependency and use the emebedded version again to avoid application errors. Closes: #763750 * Bump Standards-Version to 3.9.6 (no changes required). * Remove unused override about package-contains-broken-symlink. -- Patrick Matthäi Mon, 27 Oct 2014 21:07:36 +0100 otrs2 (3.3.9-1) unstable; urgency=medium * New upstream release. * Temporary only watch 3.3.x releases. -- Patrick Matthäi Tue, 09 Sep 2014 16:15:53 +0200 otrs2 (3.3.8-1) unstable; urgency=medium * New upstream release. - Refresh hunky patch 03-backup. * Remove unused lintian overrides. -- Patrick Matthäi Wed, 09 Jul 2014 10:22:12 +0200 otrs2 (3.3.7-2) unstable; urgency=medium * Create missing /run/otrs for the scheduler about the cronjob. * Remove otrs2 cron.d symlink on purge. * Check also for /etc/cron.d/otrs in postinst. -- Patrick Matthäi Fri, 23 May 2014 10:02:48 +0200 otrs2 (3.3.7-1) unstable; urgency=medium * New upstream release. - Rewrite patch 01-cron. - Refresh hunky patch 07-dont-chown-links. - Refresh hunky patch 09-disable-DashboardProductNotify. - Refresh hunky patch 12-use-debian-libjs-packages. - init script has been removed. * Automatic link /etc/otrs/cron to /etc/cron.d/otrs2. * Remove deprecated cron snippet from postinst. -- Patrick Matthäi Tue, 13 May 2014 11:13:58 +0200 otrs2 (3.3.6-1) unstable; urgency=medium * New upstream release. - Refresh hunky patch 09-disable-DashboardProductNotify. - Refresh hunky patch 10-nice-packagemanager-permissions-message. - Refresh hunky patch 12-use-debian-libjs-packages. - Refresh hunky patch 14-font-paths. * Support module is not shipped anymore. Remove it from debian/rules. -- Patrick Matthäi Tue, 01 Apr 2014 11:35:40 +0200 otrs2 (3.3.5-1) unstable; urgency=high * New upstream release. - Refresh hunky patch 09-disable-DashboardProductNotify. - Refresh hunky patch 12-use-debian-libjs-packages. - Refresh hunky patch 13-load-debian-libjs. * Add build dependency on yui-compressor and rebuild minified JavaScript files from source on building the package. Closes: #735895 * Added additional information about the MySQL MyISAM->InnoDB switch of MySQL 5.5 to README.Debian. Closes: #707075 * Merge 3.1.7+dfsg1-8+deb7u4 and 2.4.9+dfsg1-3+squeeze5 changelog. * Do not use -f on rm in debian/rules. * Remove dependency on libjs-prototype, it is no longer used. -- Patrick Matthäi Thu, 27 Feb 2014 12:58:14 +0100 otrs2 (3.3.4-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection issue CVE-2014-1471, also known as OSA-2014-02. - Fixed CSRF issue OSA-2014-01. - Refresh hunky patch 09-disable-DashboardProductNotify. - Rewrite patch 12-use-debian-libjs-packages. - Rewrite patch 13-load-debian-libjs. - Refresh hunky patch 14-font-paths. - Refresh hunky patch 15-dbupdate-as-root. - Refresh hunky patch 16-init-script. -- Patrick Matthäi Wed, 29 Jan 2014 09:34:15 +0100 otrs2 (3.3.3-3) unstable; urgency=low * Add dependency on libxml-parser-lite-perl. Closes: #735076 * Adjust lintian overrides. -- Patrick Matthäi Thu, 16 Jan 2014 15:40:32 +0100 otrs2 (3.3.3-2) unstable; urgency=high * Add missing ivory-slim/css-cache directory. * Depend on libnet-sslglue-perl module. * Depend on liblinux-distribution-perl module. * Remove non-free flash files from packaging. Closes: #734276 * Overwrite lintian warning debian-watch-may-check-gpg-signature. There are no GPG signatures available. * Overwrite a privacy-breach-generic lintian warning. The affected file is not used by OTRS. -- Patrick Matthäi Fri, 10 Jan 2014 13:07:52 +0100 otrs2 (3.3.3-1) unstable; urgency=low * New upstream release. -- Patrick Matthäi Tue, 10 Dec 2013 09:56:42 +0100 otrs2 (3.3.2-1) unstable; urgency=low * New upstream release. - Adjust lintian overrides. * Import and install missing DBUpdate-to-3.2.pl script. Closes: #730193 * Replace old init script with the new otrs scheduler init. - Add patch 16-init-script to fix the otrs path. - Remove check for the old maintenance file from 08-usable-apache-config. - Drop patch 02-postmaster. - Add dependency on libproc-daemon-perl. * Remove unused lintian override. -- Patrick Matthäi Mon, 02 Dec 2013 14:14:29 +0100 otrs2 (3.3.1-1) unstable; urgency=low * New upstream release. - Rewrite patch 01-cron. - Refresh hunky patch 03-backup. - Refresh hunky patch 04-opt. - Rewrite patch 05-database. - Rewrite patch 08-usable-apache-config. - Refresh hunky patch 09-disable-DashboardProductNotify. - Rewrite patch 12-use-debian-libjs-packages. - Rewrite patch 13-load-debian-libjs. - Refresh hunky patch 14-font-paths. - Take over 3.2.x database upgrade scripts from older packing to debian/. - Install new database schema upgrades. - Use fonts from fonts-font-awesome package. - libjs-yui has been removed. - Add dependency on libsys-hostname-long-perl. - Recommend module libcrypt-eksblowfish-perl. - Add patch 15-dbupdate-as-root to allow update script to run as user root. * Watch again all stable releases. * Overwrite some lintian warnings about embedded javascript libraries. * Upgrade some Perl module suggests to recommend. -- Patrick Matthäi Wed, 20 Nov 2013 10:53:29 +0100 otrs2 (3.2.12-1) unstable; urgency=high * New upstream release. - Refresh hunky patch 07-dont-chown-links. - Refresh hunky patch 11-fix-SetPermissions-to-include-some-more-dirs. * Allow otrs.DeleteCache.pl to fail in postinst. Closes: #728301 * Merge 3.2.11-1~bpo70+1 changelog. * Bump Standards-Version to 3.9.5 (no changes needed). * Don't explicitly request xz compression - dpkg 1.17 does this by default. -- Patrick Matthäi Fri, 08 Nov 2013 12:25:45 +0100 otrs2 (3.2.11-1~bpo70+1) wheezy-backports; urgency=low * Rebuild for wheezy-backports. -- Patrick Matthäi Thu, 31 Oct 2013 10:30:38 +0100 otrs2 (3.2.11-1) unstable; urgency=low * New upstream release. - Refresh hunky patch 03-backup. - Refresh hunky patch 13-load-debian-libjs. -- Patrick Matthäi Tue, 08 Oct 2013 15:28:23 +0200 otrs2 (3.2.10-2) unstable; urgency=low * Pass $@ to the setup_apache function, because apache2-maintscript-helper does not work anymore if called from a function without it. Closes: #721771 * Temporary only watch the 3.2 branch. -- Patrick Matthäi Wed, 04 Sep 2013 08:56:55 +0200 otrs2 (3.2.10-1) unstable; urgency=low * New upstream release. - Refresh hunky patch 10-nice-packagemanager-permissions-message. * Use bzip2 compressed tarballs. * Use apache2-maintscript-helper to enable the required Apache modules. * Also enable the Apache modules headers and deflate for performance improvements. * Rewrite patch 08-usable-apache-config to make it more compatible with Apache 2.2 and 2.4. This also fixes the lintian warnings apache2-deprecated-auth-config. Also overwrite the lintian warnings. -- Patrick Matthäi Wed, 28 Aug 2013 13:38:15 +0200 otrs2 (3.2.9-2) unstable; urgency=high * Merge 3.1.7+dfsg1-8+deb7u3 and 2.4.9+dfsg1-3+squeeze4 changelog. * Depend on libapache2-reload-perl. * Depend on apache2 | httpd-cgi. Closes: #715434 * Better sanity checking in postinst on enabling Apache modules. This is a follow-up fix for #715434. * Upgrade libapache-dbi-perl from recommends to depends. * Remove old code from otrs2.postinst. * Transition to Apache 2.4 packaging. * Remove unused lintian override. * Source /lib/lsb/init-functions in init script. -- Patrick Matthäi Fri, 02 Aug 2013 16:39:30 +0200 otrs2 (3.2.9-1) unstable; urgency=high * New upstream release. - Upstream security fixes for CVE-2013-4717 and CVE-2013-4718, also known as OSA-2013-05. -- Patrick Matthäi Thu, 11 Jul 2013 10:17:51 +0200 otrs2 (3.2.8-1) unstable; urgency=high * New upstream release. - Security fix for CVE-2013-4088, also known as OSA-2013-04: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see. - Rewrite patch 03-backup. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 12-use-debian-libjs-packages. - Refresh patch 14-font-paths. * Merge 3.1.7+dfsg1-8+deb7u2 changelog. -- Patrick Matthäi Wed, 19 Jun 2013 16:13:02 +0200 otrs2 (3.2.7-2) unstable; urgency=medium * Move RELEASE file to /usr/share/otrs. Closes: #711282 -- Patrick Matthäi Mon, 10 Jun 2013 11:13:20 +0200 otrs2 (3.2.7-1) unstable; urgency=high * New upstream release. - Security fix for CVE-2013-3551, also known as OSA-2013-03: An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see. - Refresh hunky patch 07-dont-chown-links. - Refresh hunky patch 10-nice-packagemanager-permissions-message. - Rewrite patch 11-fix-SetPermissions-to-include-some-more-dirs. * Merge 3.1.7+dfsg1-8+deb7u1 changelog. * Permission fixes from debian/rules removed, again. * Install new upstream changelog CHANGES.md. -- Patrick Matthäi Mon, 27 May 2013 09:07:43 +0200 otrs2 (3.2.6-2) unstable; urgency=low * Uploading to unstable. -- Patrick Matthäi Mon, 06 May 2013 09:23:55 +0200 otrs2 (3.2.6-1) experimental; urgency=low * New upstream release. - Rewrite patch 04-backup. - Refresh patch 16-disable-DashboardProductNotify. - Refresh patch 19-fix-SetPermissions-to-include-some-more-dirs. - Refresh patch 21-use-debian-libjs-packages. - Refresh patch 26-font-paths. * Rewrite patch order. * Fix some wrong file permissions. -- Patrick Matthäi Wed, 24 Apr 2013 10:30:43 +0200 otrs2 (3.2.5-1) experimental; urgency=low * New upstream release. -- Patrick Matthäi Tue, 09 Apr 2013 10:14:05 +0200 otrs2 (3.2.4-1) experimental; urgency=high * New upstream release. - Improved permission checks in LinkObject, this fixes CVE-2013-2625. - Refresh patch 03-postmaster. - Refresh patch 04-backup. - Refresh patch 05-opt. - Refresh patch 09-no-installer. - Refresh patch 13-dont-chown-links. - Refresh patch 18-nice-packagemanager-permissions-message. - Refresh patch 19-fix-SetPermissions-to-include-some-more-dirs. - Refresh patch 23-load-debian-libjs. - The folders js-cache, css-cache, article, sessions and tmp in /var/lib/otrs/ are not included anymore in the tarball, so move it from otrs2.install to otrs2.dirs. * Add dependency libio-interactive-perl. * DBUpdate script 3.2.1 has to run as user otrs. * Adjust patch 07-database to not use the strict mode. * Remove otrs.SetPermissions.pl call on directory /var/lib/otrs from README.Debian. * No longer packaging a dfsg tarball, the generated PDF document from the original source is just not used. * Add missing post database schemas. Closes: #702251 * Merge 3.1.7+dfsg1-8 changelog. -- Patrick Matthäi Tue, 02 Apr 2013 14:02:40 +0200 otrs2 (3.2.3+dfsg1-1) experimental; urgency=low * New upstream release. - Refresh patch 02-cron. - Refresh patch 03-postmaster. - Refresh patch 04-backup. - Rewrite patch 05-opt. - Refresh patch 07-database. - Refresh patch 13-dont-chown-links. - Refresh patch 15-usable-apache-config. - Refresh patch 16-disable-DashboardProductNotify. - Refresh patch 18-nice-packagemanager-permissions-message. - Refresh patch 19-fix-SetPermissions-to-include-some-more-dirs. - Refresh patch 21-use-debian-libjs-packages. - Refresh patch 23-load-debian-libjs. - Remove merged patch 25-use-locale-country. - Refresh patch 26-font-paths. - CREDITS file is removed. -- Patrick Matthäi Wed, 13 Mar 2013 14:18:39 +0100 otrs2 (3.2.2+dfsg1-1) experimental; urgency=high * New upstream release. - Drop merged patch 01-innodb-fk-error. - Refresh patch 05-opt. - Rewrite patch 07-database. - Refresh patch 09-no-installer. - Refresh patch 16-disable-DashboardProductNotify. - Refresh patch 21-use-debian-libjs-packages. - Refresh patch 26-font-paths. * Merge changes from 3.1.7+dfsg1-7. Closes: #700897 * Set +x on all Perl scripts in the bin directory. -- Patrick Matthäi Wed, 27 Feb 2013 11:38:09 +0100 otrs2 (3.2.1+dfsg1-1) experimental; urgency=low * New upstream release. - Add new dependency libyaml-libyaml-perl. - Refresh patch 03-postmaster. - Refresh patch 05-opt. - Refresh patch 13-dont-chown-links. - Refresh patch 16-disable-DashboardProductNotify. - Refresh patch 19-fix-SetPermissions-to-include-some-more-dirs. - Rewrite patch 25-use-locale-country, since all_country_names() does not accept arguments. - Refresh patch 26-font-paths. - Rewrite patch 04-backup. - Rewrite patch 15-usable-apache-config. - Rewrite patch 21-use-debian-libjs-packages. - Rewrite patch 23-load-debian-libjs. - Remove old database schemas and add new 3.2 ones. * Monitor all releases again. * Drop patch 24-default-myisam and check with the new otrs.CheckDB.pl script, if the available tables and the used storage engine are equal. If it is not the case the installation should abort, so that the administrator can fix his MySQL server or the already created tables. Closes: #690306 * Remove deprecated packaging notes from README.Debian. * Remove deprecated NEWS file from packaging. * Remove deprecated files from otrs2.examples. * Solve duplicate-changelog-files by not installing the CHANGES file. * Remove some more deprecated files from otrs2.docs. * Add lintian override for empty-binary package otrs. * Remove some old permission fixes from debian/rules. * Add upstream patch 01-innodb-fk-error to fix some foreign key errors if the tables are created with InnoDB. -- Patrick Matthäi Wed, 13 Feb 2013 11:19:31 +0100 otrs2 (3.1.12+dfsg1-3) experimental; urgency=low * Temporary monitor 3.1.x releases only. * Migrate package from cdbs to minimal debhelper. * Switch to xz compression and add a Pre-Depends on dpkg. -- Patrick Matthäi Mon, 14 Jan 2013 19:56:18 +0100 otrs2 (3.1.12+dfsg1-2) experimental; urgency=low * Fix typo in patch 19-fix-SetPermissions-to-include-some-more-dirs. -- Patrick Matthäi Fri, 14 Dec 2012 11:10:19 +0100 otrs2 (3.1.12+dfsg1-1) experimental; urgency=low * New upstream release. - Refresh hunky patch 04-backup. - Refresh hunky patch 13-dont-chown-links. - Rewrite patch 19-fix-SetPermissions-to-include-some-more-dirs. -- Patrick Matthäi Tue, 11 Dec 2012 11:43:17 +0100 otrs2 (3.1.11+dfsg1-1) experimental; urgency=low * New upstream release. - Fixes XSS vulnerability as described in OSA-2012-03 and CVE-2012-4751. * Bump Standards-Version to 3.9.4 (no changes needed). * Merge 3.1.7+dfsg1-6 changelog. -- Patrick Matthäi Tue, 16 Oct 2012 11:18:50 +0200 otrs2 (3.1.10+dfsg1-1) experimental; urgency=low * New upstream release. * Merge debian/control from 3.1.7+dfsg1-4. * Merge 3.1.7+dfsg1-4 and 3.1.7+dfsg1-5 changelog. * Merge 2.4.9+dfsg1-3+squeeze3 changelog. -- Patrick Matthäi Thu, 30 Aug 2012 19:43:31 +0200 otrs2 (3.1.9+dfsg1-1) experimental; urgency=low * New upstream release. * Fix typo in the changelog of my 3.1.7+dfsg1-3 upload. -- Patrick Matthäi Wed, 22 Aug 2012 18:00:51 +0200 otrs2 (3.1.8+dfsg1-1) experimental; urgency=low * New upstream release. - Refresh hunky patch 24-default-myisam. - Drop merged patch 27-imaptls-more-than-one-email. -- Patrick Matthäi Thu, 09 Aug 2012 09:18:13 +0200 otrs2 (3.1.7+dfsg1-8+deb7u5) wheezy-security; urgency=high * Add patch 37-CVE-2014-9324 which fixes CVE-2014-9324, also known as OSA-2014-06: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured. -- Patrick Matthäi Wed, 07 Jan 2015 10:11:37 +0100 otrs2 (3.1.7+dfsg1-8+deb7u4) stable-security; urgency=high * Add patch 35-CVE-2014-1471 which fixes CVE-2014-1471, also known as OSA-2014-02: An attacker with a valid customer or agent login could inject SQL in the ticket search URL. * Add patch 36-CVE-2014-1694 which fixes CVE-2014-1694, also known as OSA-2014-01: An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks. -- Patrick Matthäi Wed, 12 Feb 2014 10:43:48 +0100 otrs2 (3.1.7+dfsg1-8+deb7u3) stable-security; urgency=high * Add patch 34-CVE-2013-4717 which fixes CVE-2013-4717, also known as OSA-2013-05: An attacker with a valid agent login could manipulate URLs leading to SQL injection. -- Patrick Matthäi Tue, 09 Jul 2013 11:13:00 +0200 otrs2 (3.1.7+dfsg1-8+deb7u2) stable-security; urgency=high * Add patch 33-CVE-2013-4088 which fixes CVE-2013-4088, also known as OSA-2013-04: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see. -- Patrick Matthäi Tue, 18 Jun 2013 13:56:46 +0200 otrs2 (3.1.7+dfsg1-8+deb7u1) stable-security; urgency=high * Add patch 32-CVE-2013-3551 which fixes CVE-2013-3551, also known as OSA-2013-03: An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see. -- Patrick Matthäi Fri, 24 May 2013 14:53:53 +0200 otrs2 (3.1.7+dfsg1-8) unstable; urgency=high * Add missing post database schemas for new installations with dbconfig. Without it, new installations will miss some important foreign keys and later fail to update to version 3.2.x. Closes: #702251 * Add upstream patch 31-CVE-2013-2625 to improve permission checks in LinkObject. This fixes CVE-2013-2625. -- Patrick Matthäi Tue, 02 Apr 2013 10:39:24 +0200 otrs2 (3.1.7+dfsg1-7) unstable; urgency=high * Do not call otrs.SetPermissions.pl in postinst, since it modificates a few files in /usr/share/otrs, instead set the required permissions in /var/lib/otrs on my own. Closes: #700897 -- Patrick Matthäi Wed, 27 Feb 2013 10:13:53 +0100 otrs2 (3.1.7+dfsg1-6) unstable; urgency=medium * Add upstream patch 30-osa-2012-03-js-xss to improve HTML security, where a special prepared HTML e-mail could cause to execute JavaScript code within your browser, as described in OSA-2012-03 and CVE-2012-4751. -- Patrick Matthäi Tue, 16 Oct 2012 11:10:43 +0200 otrs2 (3.1.7+dfsg1-5) unstable; urgency=medium * Add upstream patch 29-security-tag-nesting to improve HTML security to detect tag nasting. -- Patrick Matthäi Tue, 28 Aug 2012 21:42:45 +0200 otrs2 (3.1.7+dfsg1-4) unstable; urgency=high * Correct typo in changelog from my last upload. * Add upstream patch 28-osa-2012-01-ie-xss from OSA-2012-01, which fixes a XSS vulnerability when using the Internet Explorer. * Move libmail-imapclient-perl from Suggests to Depends and also depend on the version in Wheezy. This is an additional fix for the 3.1.7+dfsg1-3 upload to ensure that the correct version is installed. -- Patrick Matthäi Wed, 22 Aug 2012 20:58:13 +0200 otrs2 (3.1.7+dfsg1-3) unstable; urgency=low * Add backported upstream patch 27-imaptls-more-than-one-email. Using IMAPTLS will purge all e-mails, if more than one is located in the inbox. This is because of newer Mail::IMAPClient module versions return an array reference instead of an array on the ->message action. -- Patrick Matthäi Mon, 30 Jul 2012 09:53:24 +0200 otrs2 (3.1.7+dfsg1-2) unstable; urgency=low * Add patch 26-font-paths, which adds the full paths to the font files, so that the PDF export will not die. -- Patrick Matthäi Tue, 03 Jul 2012 16:44:21 +0200 otrs2 (3.1.7+dfsg1-1) unstable; urgency=low * New upstream release. - Refresh hunky patch 21-use-debian-libjs-packages. - Refresh hunky patch 16-disable-DashboardProductNotify. -- Patrick Matthäi Mon, 02 Jul 2012 19:01:46 +0200 otrs2 (3.1.6+dfsg1-1) unstable; urgency=low * New upstream release. - Adjust patch 25-use-locale-country, the country information is not printed to STDERR anymore. -- Patrick Matthäi Tue, 05 Jun 2012 19:32:30 +0200 otrs2 (3.1.5+dfsg1-3) unstable; urgency=low * Drop patch 22-cron-ga-timing, it is fixed by upstream in another way. -- Patrick Matthäi Sat, 02 Jun 2012 18:47:28 +0200 otrs2 (3.1.5+dfsg1-2) unstable; urgency=high * Add patch 24-default-myisam and adjust the 3.0 MySQL update schemas to set the default storage engine to MyISAM. Closes: #674122 * Add new suggested Perl modules: libjson-xs-perl, libmail-imapclient-perl, libnet-smtp-tls-butmaintained-perl and libtext-csv-xs-perl. * Add patch 25-use-locale-country to the the correct Locale::Country module and also stop spamming down the error log of the webserver. Closes: #674475 -- Patrick Matthäi Mon, 28 May 2012 15:29:08 +0200 otrs2 (3.1.5+dfsg1-1) unstable; urgency=low * New upstream release. - Adjust some lintian warnings. -- Patrick Matthäi Tue, 15 May 2012 12:12:36 +0200 otrs2 (3.1.4+dfsg1-1) unstable; urgency=low * New upstream release. - Refresh hunky patch 16-disable-DashboardProductNotify. - Refresh hunky patch 21-use-debian-libjs-packages. -- Patrick Matthäi Tue, 24 Apr 2012 19:24:33 +0200 otrs2 (3.1.3+dfsg1-2) unstable; urgency=medium * Simplify otrs2.preinst. * Add object parameters to the initial created ZZZAuto.pm file to avoid some warnings. * Do not redirect STDERR to /dev/null at the RebuildConfig script. * Apply some hacks to migrate ZZZAuto.pm without that dpkg removes it. Bump urgency to medium. Closes: #667480 -- Patrick Matthäi Sun, 22 Apr 2012 14:33:56 +0200 otrs2 (3.1.3+dfsg1-1) unstable; urgency=high [ Thomas Mueller ] * Copy correct pgsql upgrade script (Closes: #665445) [ Patrick Matthäi ] * New upstream release. - Drop merged patch 20-use-native-digest-sha. - Drop merged patch 24-fix-DBUpdate-to-3.1-pl. - Refresh hunky patch 16-disable-DashboardProductNotify. - Refresh hunky patch 21-use-debian-libjs-packages. - Refresh hunky patch 23-load-debian-libjs. -- Patrick Matthäi Wed, 04 Apr 2012 16:21:44 +0200 otrs2 (3.1.2+dfsg1-3) unstable; urgency=high [ Thomas Mueller ] * Add dbc_mysql_createdb_encoding="UTF8", so that new installs create the db with utf8 charset. * Rework 3.1 DBUpdate, to fix several upgrade issues with the database. - Added patch 24-fix-DBUpdate-to-3.1-pl. [ Patrick Matthäi ] * Lower file permissions on /var/lib/otrs/Config/Files/ZZZAuto.pm from 664 to 660. Closes: #663596 * Move /usr/share/otrs/Config/Files completely to /var/lib/otrs/Config/. Closes: #663593 * Simplify installation and linking. * Fix long description of the otrs2 package. * Remove redundant SQL update scripts. Closes: #663940 * Add patch 23-load-debian-libjs which also patches the Defaults.pm to use the system libjs packages. * Do not install the Support.opm package. * Call bin/otrs.DeleteCache.pl on upgrading otrs. -- Patrick Matthäi Wed, 21 Mar 2012 18:12:02 +0100 otrs2 (3.1.2+dfsg1-2) unstable; urgency=high * Do not call the post upgrade script on new installations. Closes: #663350 -- Patrick Matthäi Sun, 11 Mar 2012 16:42:31 +0100 otrs2 (3.1.2+dfsg1-1) unstable; urgency=low [ Thomas Mueller ] * Add dbconfig-common post upgrade script for 3.1.2. [ Patrick Matthäi ] * New upstream release. * Install missing Scheduler library. Closes: #661677 * Call Perl upgrade script to postinst, which is required for a sane upgrade from 2.4 to 3.1. -- Patrick Matthäi Sat, 10 Mar 2012 00:05:41 +0100 otrs2 (3.1.1+dfsg1-2) unstable; urgency=low * Bump Standards-Version to 3.9.3 (no changes needed). * Add recommends on libapache-dbi-perl. Closes: #661226 * Add missing GenericInterface modules. Closes: #661228 -- Patrick Matthäi Sat, 25 Feb 2012 14:17:37 +0100 otrs2 (3.1.1+dfsg1-1) unstable; urgency=low * New upstream release. -- Patrick Matthäi Tue, 14 Feb 2012 18:15:14 +0100 otrs2 (3.1.0~rc1+dfsg1-1) unstable; urgency=low * New upstream release candidate. * Uploading to unstable. * Also umangle .rc to ~rc. -- Patrick Matthäi Wed, 08 Feb 2012 19:10:44 +0100 otrs2 (3.1.0~beta5+dfsg1-1) experimental; urgency=low * New upstream beta release. * Mangle upstream version string .beta to ~beta in debian/watch. * Add new dependency libyaml-perl. * Readd /usr/share/debconf/confmodule include in prerm and postrm scripts to avoid errors. * Remove css and js cache files on purging otrs2. -- Patrick Matthäi Sat, 04 Feb 2012 17:02:26 +0100 otrs2 (3.1.0~beta4+dfsg1-1) experimental; urgency=low * New upstream beta release. - Install new database schemas. - Remove old database upgrade schemas, they are not shipped anymore in the tarball, but import the 3.0 ones, so that upgrades from Squeeze to Wheezy will work. - Adjust lintian overrides. - Refresh hunky patch 05-opt. - Refresh hunky patch 07-database. - Refresh hunky patch 09-no-installer. - Rewrite failed patch 15-usable-apache-config. - Refresh hunky patch 16-disable-DashboardProductNotify. - Refresh hunky patch 18-nice-packagemanager-permissions-message. - Refresh hunky patch 20-use-native-digest-sha. - Rewrite failed patch 21-use-debian-libjs-packages. - Fix some permission problems in debian/rules. * Remove /var/lib/otrs/packagesetup/ on purge. * Remove debconf question about renaming the otrs2 database user to otrs. This message is deprecated and the upgrade path is not supported (from Etch to Wheezy). * Consequent use tabs in maintainer scripts. * Remove the word transitional from the otrs long description to fix the lintian warning transitional-package-should-be-oldlibs-extra. * Provide short and long description in the LSB headers of the init script. * Implement minimal status command for the init script. -- Patrick Matthäi Sat, 28 Jan 2012 16:00:34 +0100 otrs2 (3.0.11+dfsg1-1) unstable; urgency=low * New upstream release. - Refresh hunky patches 16-disable-DashboardProductNotify and 21-use-debian-libjs-packages. - Remove embedded jQuery from the whole tarball. * Wrap all fields in debian/control. * Use http instead of ftp for debian/watch. -- Patrick Matthäi Thu, 03 Nov 2011 10:54:06 +0100 otrs2 (3.0.10+dfsg1-2) unstable; urgency=high * Correct SetPermission paths in README.Debian. There was a typo, which fucks up the whole file system permissions. Closes: #638982 * Correct the cron timing of GenericAgent, so that syslog will not be spammed down. Closes: #639504 -- Patrick Matthäi Wed, 31 Aug 2011 21:43:25 +0200 otrs2 (3.0.10+dfsg1-1) unstable; urgency=low * New upstream release. * Adjust lintian overrides. -- Patrick Matthäi Fri, 26 Aug 2011 22:30:03 +0200 otrs2 (3.0.9+dfsg1-1) unstable; urgency=low [ Thomas Mueller ] * Add new dependency libjson-perl (Closes: #630475) [ Patrick Matthäi ] * New upstream release. - Fixes command line parsing for otrs.DeleteCache.pl. Closes: #631113 - Refresh hunky patches 16-disable-DashboardProductNotify and 21-use-debian-libjs-packages. -- Patrick Matthäi Wed, 06 Jul 2011 20:42:26 +0200 otrs2 (3.0.8+dfsg1-1) unstable; urgency=low [ Thomas Mueller ] * New upstream release. * Removed patches: - 10-permissions.diff (SetPermissions.sh is removed) - 11-emailsyntax.diff (applied upstream) - 12-remove-maxrequestsperchild.diff (replaced file) - 14-dont-print-messages.diff (SetPermissions.sh is removed) * New patches: - 20-use-native-digest-sha.diff (upstream ships with Digest::SHA::PurePerl) - 21-use-debian-libjs-packages.diff * Refreshed patches: all the remaining * New dependencies: - (suggests) libencode-hanextra-perl (Required to handle mails with several Chinese character sets) - libdigest-sha-perl - libcss-minifier-perl - libjavascript-minifier-perl - libjs-jquery-ui - libjs-jquery * Could not use debian package of ckeditor, because the embedded is patched for OTRS. [ Patrick Matthäi ] * New upstream release 3.0.8. - Refresh 15-usable-apache-config.diff. - Refresh 16-disable-DashboardProductNotify.diff. - Refresh 20-use-native-digest-sha.diff. - Refresh 21-use-debian-libjs-packages.diff. * Merge 2.4.9+dfsg1-3+squeeze1 changelog. * Provide a new package otrs, which depends on the otrs2 package, to not confuse users, that this is only otrs in version 2.x. We do not migrate the files to the otrs package, to avoid new bugs. * Adjust debian/watch to report all otrs updates. * Rework most parts of the package to work with more than one binary package. * Refresh lintian overrides. * Refresh copyright. * Update debconf translations to the current policy. * Add new dependency libjavascript-minifier-perl. * Add new dependency libcss-minifier-perl. * Remove patch 17-remove-DashboardTicketStats.diff. The statistic does not need flash anymore. * Adjust debian/copyright. OTRS is licensed under the terms of the AGPL-3 license. * Add new lintian overrides. * Remove all embedded ttf-dejavu fonts and link against them. -- Patrick Matthäi Sun, 29 May 2011 10:10:41 +0200 otrs2 (2.4.10+dfsg1-3) unstable; urgency=high * Fix bug with upgrades from Lenny to Squeeze, because of an missing sanity check in preinst. Closes: #625605 -- Patrick Matthäi Thu, 05 May 2011 19:31:30 +0200 otrs2 (2.4.10+dfsg1-2) unstable; urgency=low [ Thomas Mueller ] * Add patches: - 16-disable-DashboardProductNotify.diff - 17-remove-DashboardTicketStats.diff (Closes: #594486) - 18-nice-packagemanager-permissions-message.diff - 19-fix-SetPermissions-to-include-some-more-dirs.diff * Add myself as uploader. [ Patrick Matthäi ] * Suggest to use SetPermissions.pl with otrs user otrs, instead of www-data, so that the ArticleStorageFS engine works. Closes: #624348 * Override false positive lintian warnings. -- Patrick Matthäi Fri, 29 Apr 2011 19:02:08 +0200 otrs2 (2.4.10+dfsg1-1) unstable; urgency=low * New upstream release. - Refreshed 11-emailsyntax.diff. - Refreshed 15-usable-apache-config.diff. * Bump Standards-Version to 3.9.2 (no changes needed). * Fix debian/watch to also detect version with more than one decimal place. -- Patrick Matthäi Sat, 16 Apr 2011 11:07:16 +0200 otrs2 (2.4.9+dfsg1-5) unstable; urgency=high * Do not fail at postinst, if invoke-rc.d is forbidden. Closes: #619007 -- Patrick Matthäi Fri, 25 Mar 2011 21:51:04 +0100 otrs2 (2.4.9+dfsg1-4) unstable; urgency=low * Add danish translation from Joe Dalton. Closes: #605433 * Change to postgresql by default for automated tests. Closes: #606707 -- Patrick Matthäi Sun, 06 Feb 2011 15:29:23 +0100 otrs2 (2.4.9+dfsg1-3+squeeze5) oldstable-security; urgency=high * Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as OSA-2014-01: An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks. * Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as OSA-2014-02: An attacker with a valid customer or agent login could inject SQL in the ticket search URL. -- Patrick Matthäi Thu, 20 Feb 2014 13:33:07 +0100 otrs2 (2.4.9+dfsg1-3+squeeze4) oldstable-security; urgency=high [ Salvatore Bonaccorso ] * Add 19-security-osa-2012-03.diff patch. CVE-2012-4751: Fix XSS vulnerability. An attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in users browser while displaying the email. * Add 20-security-osa-2013-01.diff. CVE-2013-2625: Fix privilege escalation in object linking handling. An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed. [ Patrick Matthäi ] * Add 21-security-osa-2013-04.diff. CVE-2013-4088: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see. * Add 22-security-osa-2013-05.diff. CVE-2013-4717: An attacker with a valid agent login could manipulate URLs leading to SQL injection. -- Patrick Matthäi Fri, 02 Aug 2013 16:31:32 +0200 otrs2 (2.4.9+dfsg1-3+squeeze3) stable-security; urgency=high * Add upstream patch 17-security-osa-2012-01 from OSA-2012-01, which fixes a XSS vulnerability described in CVE-2012-2582 when using the Internet Explorer on viewing e-mails. * Add upstream patch 18-security-tag-nesting to improve HTML security to detect tag nasting. -- Patrick Matthäi Thu, 23 Aug 2012 19:16:08 +0200 otrs2 (2.4.9+dfsg1-3+squeeze1) stable-security; urgency=high [ Thomas Mueller ] * Add security patch: - 16-security-osa-2011-01.diff * Title: Several XSS attacks possible * CVE: CVE-2011-1518 * Upstream information: http://otrs.org/advisory/OSA-2011-01-en/ [ Patrick Matthäi ] * Fix bug with upgrades from Lenny to Squeeze, because of an missing sanity check in preinst. Closes: #625605 -- Patrick Matthäi Thu, 05 May 2011 19:05:08 +0200 otrs2 (2.4.9+dfsg1-3) unstable; urgency=low * Change debian/watch, to only show 2.x.x releases. * Do not rely on umask. Set the needed mode explicitly in debian/postinst. -- Patrick Matthäi Sat, 27 Nov 2010 16:50:46 +0100 otrs2 (2.4.9+dfsg1-2) unstable; urgency=high * Fix an error (unknown command in postinst) with initial installations, if postgres is used as backend. Thanks to Munroe Sollog for providing additional information. * ZZZAuto.pm is not available with new installations, where OTRS later fails. Again much thanks to Munroe Sollog for helping to debug and test it! Closes: #601734 -- Patrick Matthäi Mon, 08 Nov 2010 19:42:47 +0100 otrs2 (2.4.9+dfsg1-1) unstable; urgency=high * New upstream release. - Fixes a XSS attack in AgentTicketZoom from HTML e-mails described in OSA-2010-03. -- Patrick Matthäi Tue, 26 Oct 2010 18:26:43 +0200 otrs2 (2.4.8+dfsg1-1) unstable; urgency=medium * New upstream bugfix releases. - Refreshed patches 13-dont-chown-links.diff and 05-opt.diff. - Fixes multiple XSS and denial of service vulnerabilities mentioned in OSA-2010-02. -- Patrick Matthäi Mon, 20 Sep 2010 16:34:38 +0200 otrs2 (2.4.7+dfsg1-1) unstable; urgency=high * Strip out yui from the source in the dfsg version. Closes: #591196 * Depend on libjs-yui and link to this package, instead of using the embedded yui version. This changes make the flash ticket statistics unuseable! Closes: #592146 -- Patrick Matthäi Mon, 09 Aug 2010 19:43:44 +0200 otrs2 (2.4.7-6) unstable; urgency=high * Bump Standards-Version to 3.9.1 (no changes needed). * Remove quilt from build depends. * Move libdbd-mysql-perl | libdbd-pg-perl, libgd-text-perl and libgd-graph-perl packages from recommends to depends. Closes: #591003 * Replace hardcoded perl dependency with ${perl:Depends}. -- Patrick Matthäi Sat, 31 Jul 2010 10:19:36 +0200 otrs2 (2.4.7-5) unstable; urgency=low * Add spanish debconf translation from Camaleón. Closes: #584440 -- Patrick Matthäi Thu, 03 Jun 2010 21:18:41 +0200 otrs2 (2.4.7-4) unstable; urgency=high * Check if mod_perl is available before we enable it. Closes: #561889 * Do not configure the otrs configurations and database, if /etc/otrs/database.pm is not available. Closes: #580964 * Move /var/lib/otrs/spool to /var/spool/. Closes: #580987 -- Patrick Matthäi Tue, 11 May 2010 14:42:32 +0200 otrs2 (2.4.7-3) unstable; urgency=low * Make /var/lib/otrs/Config/ writeable for www-data, so that configurations from OTRS are working. -- Patrick Matthäi Sat, 03 Apr 2010 16:20:55 +0200 otrs2 (2.4.7-2) unstable; urgency=low * Merge changelog from all stable Lenny uploads. * Drop obsoleted patch 01-upgrade.diff. * Extend the 11-emailsyntax.diff patch, by also removing the valid email addresses from the Framework.xml. * Adjust copyright years and add my own copyright notice. * OTRS is licensed under the terms of the AGPL-3 since a longer time. * Fix typo in filename: s/maintainance.html/maintenance.html/. * Change the default order of the database recommends from postgresql to mysql. * s/_description/_Description/ in debian/templates. * Update all translations. * Add libmail-pop3client-perl, libpdf-api2-perl, libsoap-lite-perl, libnet-imap-simple-perl, libnet-imap-simple-ssl-perl and libnet-smtp-ssl-perl as dependencies, so that there are no missing modules for the functions of OTRS. -- Patrick Matthäi Tue, 16 Feb 2010 13:42:53 +0100 otrs2 (2.4.7-1) unstable; urgency=high * New upstream release. - Fixed CVE-2010-0438, which allows SQL-Injection in the OTRS core. * Bump Standards-Version to 3.8.4 (no changes needed). -- Patrick Matthäi Sun, 07 Feb 2010 23:15:34 +0100 otrs2 (2.4.6-2) unstable; urgency=high * Depend on libapache2-reload-perl instead of libapache2-mod-perl2, so that all required Perl modules are available on Apache installations. * Add new patch 15-usable-apache-config, which creates a usable Apache configuration. Also delete the patches 06-misc-upstream and 08-apache and changed the patches 05-opt.diff and 12-remove-maxrequestsperchild, so that all changes to the Apache configuration are done about only one patch. Closes: #566021 * Describe in README.Debian the problem with a working package manager and also discribe, how to get it working anyway. Closes: #383776 -- Patrick Matthäi Wed, 20 Jan 2010 20:00:41 +0100 otrs2 (2.4.6-1) unstable; urgency=low * New upstream release. Closes: #564919 - Refresh hunky 04-backup.diff patch. - Fix permissions of new file usr/share/otrs/bin/fcgi-bin/installer.pl. * Override three lintian warnings about embedded javascript libraries, those issues are not fixable currently. -- Patrick Matthäi Tue, 12 Jan 2010 20:00:53 +0100 otrs2 (2.4.5-5) unstable; urgency=low * Add dependency libxml-feedpp-perl. Closes: #563510 * Add $remote_fs as dependency in the init script. Thanks lintian. -- Patrick Matthäi Mon, 04 Jan 2010 18:13:12 +0100 otrs2 (2.4.5-4) unstable; urgency=high * Revert the fckeditor changes from the last upload. This change breaks the whole editor. Bump urgency to high again. -- Patrick Matthäi Wed, 30 Dec 2009 09:36:45 +0100 otrs2 (2.4.5-3) unstable; urgency=high * Move libapache2-mod-perl2 to depends. Closes: #561889 * Do not use the embedded fckeditor. -- Patrick Matthäi Thu, 24 Dec 2009 12:01:19 +0100 otrs2 (2.4.5-2) unstable; urgency=low * Fix permissions of ZZZAAuto.pm file to have a working SysConfig manager. -- Patrick Matthäi Thu, 17 Dec 2009 19:29:41 +0100 otrs2 (2.4.5-1) unstable; urgency=low * New maintainer. Closes: #515300 * New upstream release. Closes: #539712 - Rediff all patches, they failed to apply in this release. - The location of the prototype.js has been changed. - Fix some new borked permission errors. - Install the new database schemes. - Add 13-dont-chown-links.diff patch. * Convert package to the 3.0 (quilt) format. - Drop debian/README.source. * Remove Vcs fields. * Remove versioned package of postgresql. Closes: #559613 * Update to debhelper 7 and use dh to install the lintian overrides. * Move quilt to Build-Depends-Indep. * Add some notes to README.Debian, where you can find the otrs2 installation and what are the initial login data. * Clean up properly the Config directory on purge. * Do not be so verbose on installing and upgrading otrs2 and add the patch 14-dont-print-messages.diff for this. Closes: #543748 -- Patrick Matthäi Sun, 06 Dec 2009 14:23:50 +0100 otrs2 (2.3.4-7) unstable; urgency=medium * QA upload. * Move libtext-csv-perl from recommends to depends. Without it, otrs will not work and apache will fail to start on upgrades from Lenny to Squeeze. -- Patrick Matthäi Wed, 02 Dec 2009 10:30:40 +0100 otrs2 (2.3.4-6) unstable; urgency=high * QA upload. * Do not use the embedded copy of prototype.js anymore. Closes: #555267 - This also fixes CVE-2007-2383 and CVE-2008-7220. Closes: #555266 -- Patrick Matthäi Tue, 10 Nov 2009 20:14:00 +0100 otrs2 (2.3.4-5) unstable; urgency=high * QA upload. * Update cron.diff patch and add the missing otrs systemuser for the PostMaster cronjob. Closes: #552470 * Add remove-maxrequestsperchild.diff patch, which removes the MaxRequestsPerChild Apache options from the config files. Closes: #548073 -- Patrick Matthäi Sun, 01 Nov 2009 12:23:55 +0100 otrs2 (2.3.4-4) unstable; urgency=low * QA upload. * Add emailsyntax.diff patch, which removes all valid domains from the email address syntax check. Closes: #541309 -- Patrick Matthäi Mon, 12 Oct 2009 12:49:07 +0200 otrs2 (2.3.4-3) unstable; urgency=low * QA upload. * Only execute a2enmod, if it is available on the system. Thanks for the patch to Hilmar Preusse . Closes: #524315 * Add missing patch descriptions. This fixes several quilt-patch-missing-description warnings. * Add ${misc:Depends} as dependency. Fixes lintian warning. * Bump Standards-Version to 3.8.3. - Add debian/README.source. * Remove unused lintian overrides about both extra-license-file. * Use a Vcs-Svn URI, which does not need an authentication. Thanks lintian. -- Patrick Matthäi Sun, 11 Oct 2009 21:31:45 +0200 otrs2 (2.3.4-2) unstable; urgency=low * Set Maintainer to Debian QA Group. -- Torsten Werner Fri, 28 Aug 2009 10:30:35 +0200 otrs2 (2.3.4-1) unstable; urgency=low * New upstream release * Replace access to /var/lib/otrs directory by symlink in /usr/share/otrs. (Closes: #513327) * Add Japanese debconf translation; thanks to Hideki Yamane. (Closes: #512978) -- Torsten Werner Wed, 11 Feb 2009 21:50:43 +0100 otrs2 (2.3.3-1) unstable; urgency=low * New upstream release (Closes: #507738) * Refresh patch opt.diff. * Replace /usr/share/otrs/Kernel/Config/Files/ZZZ?Auto.pm by a symlink to /var/lib/otrs/Config/ZZZ?Auto.pm. (Closes: #475737) - Move /usr/share/otrs/Kernel/Config/Files/ZZZAuto.pm to /var/lib/otrs/Config/ZZZAuto.pm in preinst. - Rebuild /var/lib/otrs/Config/ZZZAAuto.pm in postinst. - Enable patch permission.diff. * Fix some lintian warnings: - scripts/rcp-example.pl is an example file - Make all perl scripts in scripts/tools/ executable. * Add swedish debconf translation thanks to Martin Bagge. (Closes: #503608) -- Torsten Werner Sun, 11 Jan 2009 00:16:27 +0100 otrs2 (2.3.2-2) unstable; urgency=low * merge from testing branch: - Do not load the module Apache2::Reload if it is not installed. (Closes: #494683) -- Torsten Werner Thu, 23 Oct 2008 06:49:37 +0200 otrs2 (2.3.2-1) unstable; urgency=low * new upstream release - Bora Bora * Update Recommends: postgresql-8.3. * Add Recommends: libtext-csv-perl. * Add patch upgrade.diff for upgrading postgres databases. -- Torsten Werner Wed, 01 Oct 2008 22:31:17 +0200 otrs2 (2.2.7-3) unstable; urgency=low * Change Depends: libmime-tools-perl instead of libmime-perl. (Closes: #485927) * Increase Standards-Version: 3.8.0 (no changes needed). * Add a lintian override for empty directories. -- Torsten Werner Mon, 11 Aug 2008 04:49:46 +0200 otrs2 (2.2.7-2lenny3) stable-security; urgency=high * Added patch fix-sql-injection.diff, which adds missing security quoting in SQL statements. Authenticated users may become administrative privileges. This fixes CVE-2010-0438. * Change maintainer also in security upload (for further users questions). -- Patrick Matthäi Mon, 08 Feb 2010 00:03:27 +0100 otrs2 (2.2.7-2lenny2) stable-proposed-updates; urgency=low * QA upload. * Add remove-maxrequestsperchild.diff patch, which removes the MaxRequestsPerChild Apache options from the config files. Closes: #548073 * Add emailsyntax.diff patch, which removes all valid domains from the email address syntax check. Closes: #541309 * Only execute a2enmod, if it is available on the system. Thanks for the patch to Hilmar Preusse . Closes: #524315 * Recommend postgresql-8.3 instead of the non-existing postgresql-8.2. Closes: #535004 -- Patrick Matthäi Thu, 05 Nov 2009 18:36:56 +0100 otrs2 (2.2.7-2lenny1) testing-proposed-updates; urgency=low * Do not load the module Apache2::Reload if it is not installed. (Closes: #494683) -- Torsten Werner Thu, 23 Oct 2008 06:36:29 +0200 otrs2 (2.2.7-2) unstable; urgency=high * Disable the patch permissions.diff again because OTRS can't work with such permissions. It breaks because it can't write files that are 'use'd. (Closes: #487817) -- Torsten Werner Wed, 25 Jun 2008 20:16:47 +0200 otrs2 (2.2.7-1) unstable; urgency=low * new upstream release * Add patch permissions.diff that makes the permissions of files in ~otrs more strict. Let's hope it does not break to much. (Closes: #475737) * The file debian/watch now ignores beta versions. -- Torsten Werner Wed, 11 Jun 2008 19:09:01 +0200 otrs2 (2.2.6-1) unstable; urgency=low * new upstream release * Remove patch osa-2008-01.diff because that change has been applied upstream. * Change Standards-Version: 3.7.3 (no changes). * Fix debian/copyright. -- Torsten Werner Mon, 31 Mar 2008 23:59:54 +0200 otrs2 (2.2.5-2) unstable; urgency=high * Add patch osa-2008-01.diff to fix http://otrs.org/advisory/OSA-2008-01-en/ * Set urgency to high because of the security problem. -- Torsten Werner Thu, 20 Mar 2008 21:24:39 +0100 otrs2 (2.2.5-1) unstable; urgency=low * new upstream release (Closes: #463830) * Fix link to documentation. (Closes: #465755) -- Torsten Werner Wed, 05 Mar 2008 21:36:38 +0100 otrs2 (2.2.4-1) unstable; urgency=low * new upstream release * Add Vcs and Homepage headers to debian/control. * Switch to debhelper 5. * Add dutch debconf translation. (Closes: #449414) -- Torsten Werner Sat, 08 Dec 2007 21:43:01 +0100 otrs2 (2.2.3-1) unstable; urgency=low * new upstream version (Closes: #434602, #438525) * Change Depends: apache2 | httpd-cgi and downgrade Depends: libapache2-mod-perl2 to Recommends. (Closes: #434205) * Change Recommends: postgresql-8.2 instead of 8.1. -- Torsten Werner Tue, 18 Sep 2007 20:41:49 +0200 otrs2 (2.2.2-1) unstable; urgency=low * new upstream release * Add portuguese translation. (Closes: #437058) -- Torsten Werner Fri, 10 Aug 2007 19:57:04 +0200 otrs2 (2.2.1-1) unstable; urgency=low * New upstream release -- Torsten Werner Mon, 2 Jul 2007 20:10:06 +0200 otrs2 (2.2.0~beta3-1) experimental; urgency=low * New upstream release * Clean up debian/rules. * Merge changes from trunk. -- Torsten Werner Tue, 17 Apr 2007 00:25:44 +0200 otrs2 (2.2.0~beta2-1) experimental; urgency=low * New upstream version. * Refreshed one patch. * Updated download location in debian/copyright. -- Torsten Werner Tue, 17 Apr 2007 00:09:49 +0200 otrs2 (2.1.7-2) unstable; urgency=low * Upgraded libxml-parser-perl from Recommends to Depends. * Enhance debian/watch. -- Torsten Werner Mon, 14 May 2007 22:20:25 +0200 otrs2 (2.1.7-1) unstable; urgency=low * New upstream version. * Clean up and refresh the patches. -- Torsten Werner Sat, 14 Apr 2007 17:58:55 +0200 otrs2 (2.1.6-1) unstable; urgency=low * new upstream version * Remove $SVN$ stuff from debian/changelog. * Add russian debconf translation thanks to Yuriy Talakan. (Closes: #414093) -- Torsten Werner Mon, 19 Mar 2007 23:31:58 +0100 otrs2 (2.1.5-3) unstable; urgency=low * Switch off the web based installer. * Changed Recommends: libtext-diff-perl to Depends. -- Torsten Werner Sat, 3 Mar 2007 22:12:31 +0100 otrs2 (2.1.5-2) unstable; urgency=low * Don't reload apache2 in postrm if it is not installed. (Closes: #411781) -- Torsten Werner Sun, 25 Feb 2007 10:47:38 +0100 otrs2 (2.1.5-1) unstable; urgency=low * new upstream version -- Torsten Werner Fri, 23 Feb 2007 21:09:35 +0100 otrs2 (2.1.4-2) experimental; urgency=low * Add option '+FollowSymLinks' to apache configuration. (Closes: #394844) -- Torsten Werner Sat, 13 Jan 2007 19:03:45 +0100 otrs2 (2.1.4-1) experimental; urgency=low * new upstream release * Move patches directory into debian directory. * Refreshed one patch. -- Torsten Werner Tue, 19 Dec 2006 21:33:23 +0100 otrs2 (2.1.3-1) experimental; urgency=low * New upstream release * Refresh most patches. * Merge changes from trunk. * Add Recommends: libtext-diff-perl. (Closes: #393243) -- Torsten Werner Sun, 19 Nov 2006 16:35:31 +0100 otrs2 (2.1.1-1) experimental; urgency=low * Merge changes from trunk. * New upstream version. * Refresh some patches. * Add Depends: libcrypt-passwdmd5-perl. * Disable probably broken patch autoconfig.diff. * Depend on newer dbconfig-common. -- Torsten Werner Sun, 8 Oct 2006 12:57:44 +0200 otrs2 (2.0.99beta1-3) experimental; urgency=low * merge changes from trunk (version 2.0.4p01-14) -- Torsten Werner Wed, 23 Aug 2006 09:05:23 +0200 otrs2 (2.0.99beta1-2) experimental; urgency=low * merge changes from trunk (version 2.0.4p01-13) -- Torsten Werner Sat, 19 Aug 2006 16:44:17 +0200 otrs2 (2.0.99beta1-1) experimental; urgency=low * new upstream version * refreshed patches/backup.diff and patches/database.diff * disabled check for manual in debian/rules because the manual is not provided in upstream's tarball * merged changes 201:HEAD from experimental branch * support database upgrades -- Torsten Werner Sat, 5 Aug 2006 08:29:08 +0200 otrs2 (2.0.4p01-14) unstable; urgency=low * add french debconf translation thanks to Christian Perrier, closes: #384580 * yet another fix for the cron jobs thanks to Laurent Bonnaud, closes: #385763 -- Torsten Werner Sun, 3 Sep 2006 23:07:08 +0200 otrs2 (2.0.4p01-13) unstable; urgency=medium * add patch autoconfig.diff, closes: #350270 * remove /var/lib/otrs/tmp in postrm * refined debian/templates, closes: #382639 * add german debconf translation * enable Apache2::Reload & Co. * add patch postmaster.diff to temporarily not accepting new email messages if OTRS is in maintainance mode * reorganised cron config to support the init script * add some safety checks for nonessential packages in debian/postrm * add link to the online documentation -- Torsten Werner Sun, 20 Aug 2006 23:34:47 +0200 otrs2 (2.0.4p01-12) unstable; urgency=low * reorganized the documentation of the Debian package -- Torsten Werner Sat, 5 Aug 2006 10:46:46 +0200 otrs2 (2.0.4p01-11) experimental; urgency=low * warn the user when authentication method is 'ident' but the database user is not 'otrs' * apache config: point 'ErrorDocument 404' to index.pl * try to import database settings from older versions into dbconfig-common * add a versioned Depends: on dbconfig-common * add an init script for OTRS * fixes in the apache configuration * support for mysql -- Torsten Werner Sat, 5 Aug 2006 10:36:40 +0200 otrs2 (2.0.4p01-10) experimental; urgency=low * start using dbconfig-common for database configuration -- Torsten Werner Sat, 29 Jul 2006 19:48:48 +0200 otrs2 (2.0.4p01-9) unstable; urgency=low * create otrs user in debian/preinst now instead of debian/postinst * fixes in debian/postinst and debian/postrm * force-reload apache in debian/postinst because we might enable mod_perl * make sure apache's perl module is enabled * rescue old apache configuration before installing a new one * documentation fixes * added more Recommends and Suggests, closes: #378672 -- Torsten Werner Wed, 19 Jul 2006 21:41:37 +0200 otrs2 (2.0.4p01-8) experimental; urgency=low * more /opt fixes * some cosmetic changes in debian/ * switch to ucf for managing config files * remove preinst that was needed for upgrading old otrs packages * updated Depends in debian/control * add a 'quick installation' section to debian/README.Debian * use mod-perl -- Torsten Werner Mon, 17 Jul 2006 23:19:14 +0200 otrs2 (2.0.4p01-7) unstable; urgency=low * switched to mergeWithUpstream mode of svn-buildpackage * switched to quilt for managing upstream changes * lintian fixes * don't move the Output directory from /usr/share/otrs/ to /etc/otrs * removed bashism * fixed permissions of *.pm and *.png files * other minor cleanups -- Torsten Werner Sun, 9 Jul 2006 22:21:49 +0200 otrs2 (2.0.4p01-6) unstable; urgency=low * removed the PDF manuals because they will be provided with source code by a separate package 'otrs2-doc' -- Torsten Werner Tue, 20 Jun 2006 23:35:00 +0200 otrs2 (2.0.4p01-5) unstable; urgency=low [ Noèl Köthe ] * corrected tar options in scripts/backup.pl, closes: #361448 * corrected FSF address in debian/copyright (lintian error) * added adduser to the dependency because we use it in postinst (lintian warning) * updated Standards-Version to 3.7.2. no changes needed [ Torsten Werner ] * renamed package to otrs2, closes: #367959 -- Torsten Werner Thu, 18 May 2006 23:55:19 +0200 otrs (2.0.4p01-4) unstable; urgency=low * reverted last change * applied patch from Thorsten Sandfuchs -- Torsten Werner Wed, 8 Mar 2006 21:21:54 +0100 otrs (2.0.4p01-3) unstable; urgency=low * reverted change to backup.pl * moved scripts/{backup,restore}.pl to /usr/share/doc/otrs/examples/, please read NEWS.Debian for more information, closes: #355328 -- Torsten Werner Mon, 6 Mar 2006 20:41:55 +0100 otrs (2.0.4p01-2) unstable; urgency=low [ Noèl Köthe ] * corrected spelling errors in README.Debian, closes: #310854 [ Torsten Werner ] * added debian/NEWS.Debian * fixed scripts/backup.pl to backup the configuration files, closes: #355328 * fix for apache2-perl-startup.pl (mentioned in #293062) * added checks for existing binaries in cronjobs, closes: #316340 -- Torsten Werner Sun, 5 Mar 2006 14:54:03 +0100 otrs (2.0.4p01-1) unstable; urgency=low * new upstream version, closes: #332441 * it fixes a security bug: http://otrs.org/advisory/OSA-2005-01-en/ * please consider applying any patches to alioth's svn repository, see https://alioth.debian.org/projects/pkg-otrs/ -- Torsten Werner Tue, 22 Nov 2005 21:57:05 +0100 otrs (2.0.1p01-1) experimental; urgency=low * new upstream version, closes: #310696 * added debian/watch -- Torsten Werner Sat, 6 Aug 2005 23:24:20 +0200 otrs (1.3.2p01-5) unstable; urgency=high * work around for very old dpkg bug: $OTRSHOME/Kernel/Output in now really a symlink to /etc/Output (that is why urgency is high), closes: #301245 -- Torsten Werner Tue, 5 Apr 2005 23:09:33 +0200 otrs (1.3.2p01-4) unstable; urgency=low * added some 'test -x ...' to the cron jobs, closes: #297454 * removed symlink /usr/share/otrs/.fetchmailrc because it does not work and it is not necessary anyway * moved $OTRSHOME/Kernel/Output into /etc/, closes: #291512 -- Torsten Werner Sun, 6 Mar 2005 15:10:40 +0100 otrs (1.3.2p01-3) unstable; urgency=low * applied patch for debian/links and bin/SetPermissions.sh from Sven Wilhelm, closes: #281515 * minor fixes for debian/post* -- Torsten Werner Wed, 29 Dec 2004 16:38:44 +0100 otrs (1.3.2p01-2) unstable; urgency=low * upload to unstable -- Torsten Werner Thu, 11 Nov 2004 21:24:29 +0100 otrs (1.3.2p01-1) experimental; urgency=low * fixed ErrorDocument in scripts/apache2-httpd.include.conf * added #DEBHELPER# to otrs.preinst * thanks to Andreas Tille for helping -- Torsten Werner Fri, 22 Oct 2004 23:38:54 +0200 otrs (1.3.2p01-0.1) unstable; urgency=low * NMU but no official upload - just helping the maintainer and leave him the upload * New upstream version * Split packages into - otrs (code) - otrs-doc-en (English documentation) - otrs-doc-de (German dosumentation) The language split seems to make sense because of the size of the documentation and the assumption that only one language will be neede on a normal system. * Left out the SGML source for the documentation. Remark: It should be checked whether it is reasonable to rebuild the HTML and PDF version at build time from SGML. * Make use of debian/otrs.{docs,examples} instead of using only debian/otrs.install * Fight against lintian warnings: - Removed copy of GPL from /usr/share/doc/otrs - Added lintian.overrides for files which look like extra license files - Fix permission of example files - Removed '#!/bin/sh' from apache2*-perl-startup.pl scripts - Removed {redhat,suse,fedora}* scripts - Added missing '!' to sync_node.sh * Added link to /usr/lib/cgi-bin which enables access without Apache configuration changes. * Postrm script now also removes .*_history files of otrs user * Postrm also removes log files. ATTENTION: Just feel free to keep log files but I think it is better to ask a debconf question instead of just keeping stuff in /var/lib/otrs which users might like to get rid of. * Moved .fetchmailrc to /etc/otrs/fetchmailrc and adjusted cron file * Verified occurences of /opt/otrs in the code - scripts/apache2*-perl-startup.pl: use lib "/opt/otrs/"; use lib "/opt/otrs/Kernel/cpan-lib"; changed to /usr/share/otrs/... and uncommented use DBD::mysql (); because also other databases might be used. It was not yet verified which further consequences this might have be. - All other occurences of the string "/opt/otrs" are inside comments or some strings of error messages which do not really harm. Closes: #25802 * Tried to increase help for local administrators - Added example script for setting up a PostgreSQL server as it was suggested in http://bugs.debian.org/cgi-bin/272113 In addition to the problems described there it was observed that the permissions for www-data are to restrictive which can be fixed by the further example script which is provided. - Added hints to README.Debian how to change PostgreSQL configuration. - Move apache configuration examples to /usr/share/doc/otrs/examples - Changed path names also in apache-httpd.include.conf (in case a user sticks to Apache 1.x) -- Andreas Tille Wed, 20 Oct 2004 08:00:05 +0200 otrs (1.2.4-2) unstable; urgency=high * fixed Recommends on mod-perl, closes: 272858 * set urgency to high because it is a minor fix -- Torsten Werner Wed, 29 Sep 2004 21:51:38 +0200 otrs (1.2.4-1) unstable; urgency=low * new upstream version, closes: #258766 * added Recommends: procmail | maildrop, aspell | ispell * moved manual to /usr/share/doc/otrs/, closes: #258782 * moved var stuff to /var/lib/otrs/ * moved config files to /etc/otrs/ -- Torsten Werner Fri, 16 Jul 2004 23:28:26 +0200 otrs (1.2.3-7) unstable; urgency=low * fixed apache2-httpd.include.conf * added Depends: libauthen-sasl-perl, libdate-pcalc-perl, libemail-valid-perl, libio-stringy-perl, libmime-perl, libmailtools-perl * removed directory Kernel/cpan-lib/ -- Torsten Werner Sun, 20 Jun 2004 23:28:42 +0200 otrs (1.2.3-6) unstable; urgency=low * moved from /opt into /usr/share * added Recommends: libgd-text-perl, libgd-graph-perl -- Torsten Werner Sun, 20 Jun 2004 20:42:04 +0200 otrs (1.2.3-5) experimental; urgency=low * install Kernel/Config/GenericAgent.pm during first install * fixed call to SetPermissions.sh in postinst -- Torsten Werner Mon, 26 Apr 2004 22:34:12 +0200 otrs (1.2.3-4) experimental; urgency=low * Depends: libdbi-perl and Recommends: libdbd-mysql-perl | libdbd-pg-perl added -- Torsten Werner Thu, 22 Apr 2004 22:43:18 +0200 otrs (1.2.3-3) experimental; urgency=low * more Depends and Recommends in debian/control -- Torsten Werner Mon, 19 Apr 2004 23:29:01 +0200 otrs (1.2.3-2) experimental; urgency=low * corrected some files in debian/ that have been forgotten before the first upload -- Torsten Werner Sun, 18 Apr 2004 12:26:43 +0200 otrs (1.2.3-1) experimental; urgency=low * initial release -- Torsten Werner Fri, 16 Apr 2004 18:49:35 +0200