gosa (2.7.4+reloaded3-16) unstable; urgency=medium

  * Re-upload as is.

  * debian/changelog:
    + Fix faulty bug closure in previous changelog stanza. Re-closing the
      correct bug here now. (Closes: #989099, allow gosa to be installed
      in chroots).

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 26 May 2021 09:31:07 +0200

gosa (2.7.4+reloaded3-15) unstable; urgency=medium

  * debian/gosa.postinst:
    + Don't choke on failing httpd service restarts. This allows gosa to be
      installed into chroots. (Closes: #989099).
  * debian/patches:
    + Add 1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch and
      1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch. Provide
      'alias' attribute type via 'gosaMailAccount' objectClass. This fixes
      'alias' field setting via gosa-plugin-mailaddress without the need to
      add 'kolabInetOrgPerson' objectClass to every mail account. (Closes:
      #989096).
    + Add 1053_check-countable-before-using-count-on-variable.patch. Don't use
      count() function on data that might not be countable. Silences hundreds
      of PHP warning log messages per user session. (Closes: #939043).

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 25 May 2021 21:18:20 +0200

gosa (2.7.4+reloaded3-14) unstable; urgency=medium

  * debian/patches:
    + Add 1050_implode-syntax-php74.patch. Use PHP 7.4 compliant implode()
      syntax. (Closes: #964600).
  * debian/control:
    + Bump Standards-Version: to 4.5.1. No changes needed.
    + Bump DH compat level to version 13.

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 23 Nov 2020 17:44:53 +0100

gosa (2.7.4+reloaded3-13) unstable; urgency=medium

  * debian/patches:
    + Add 1049_gosa-fix-filterlocklabelimage.patch. Use NULL as default for
      in filterLockImage() and filterLockLabel(). (Closes: #941165).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 27 Jul 2020 22:32:50 +0200

gosa (2.7.4+reloaded3-12) unstable; urgency=medium

  * debian/patches:
    + Add 1048_gosa-cred-encrypt-decrypt-php-7.4.patch. Fix upgrade error with
      PHP 7.4 in use. PHP 7.4 chokes on a flaw in cred_encrypt() and
      cred_decrypt() that previous PHP versions silently ignored. (Closes:
      #964318).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 13 Jul 2020 13:23:35 +0200

gosa (2.7.4+reloaded3-11) unstable; urgency=medium

  * debian/control:
    + Drop php-recode. Code path has an alternative for its usage (iconv). (Closes: #955314).
    + Update Homepage: field. (Closes: #940719).
    + Bump Standards-Version: to 4.5.0. No changes needed.
  * debian/{control,compat}:
    + Switch to debhelper-compat notation. Bump DH compat level to version 12.
  * debian/copyright:
    + Update Source: field.

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 20 Apr 2020 07:32:48 +0200

gosa (2.7.4+reloaded3-10) unstable; urgency=medium

  * debian/patches:
    + Add 1047_CVE-2019-14466-1_replace_unserialize_with_json_encode+json_
      decode.patch: Replace (un)serialize with json_encode/json_decode to
      mitigate PHP object injection. (CVE-2019-14466).

 -- Mike Gabriel <sunweaver@debian.org>  Sat, 31 Aug 2019 16:09:11 +0200

gosa (2.7.4+reloaded3-9) unstable; urgency=medium

  * debian/changelog:
    + Post-upload fix of patch-1045 explanation in previous stanza.
  * debian/patches:
    + Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch.
      Perform stricter check on LDAP success/failure (CVE-2019-11187).
  * debian/control:
    + Bump Standards-Version: to 4.4.0. No changes needed.

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 08 Aug 2019 13:29:34 +0200

gosa (2.7.4+reloaded3-8) unstable; urgency=medium

  * debian/patches:
    + Add 1043_smarty-add-on-function-param-types.patch. Fix missing
      password field, caused by PHP error "parameter 2 expected to be a
      reference, value given". This happened due to mismatching parameter
      types whenever the smarty3 template rendering engine called gosa's
      (slightly not-compliant anymore) smartyAddon functions. (Closes:
      #918578). The patch also brings some smartyAddon hygiene for
      the {render} block and the not-used-anymore {tr} block.
    + Add 1044_crypto-transition-without-mcrypt.patch. Make
      gosa-mcrypt-to-openssl-passwords script independent from php-mcrypt,
      and thus make it work with Debian buster's php7.3. (Closes: #925138).
    + Update 1026_fix-deprecated-constructor-format.patch. Drop an
      unwanted find+replace artefact in class_userFilter.
    + Add 1045_dont_use_filter_caching.patch. Disable filter caching via
      $_SESSION. The filter caching mechanism stores PHP object in $_SESSON;
      since php7.0 this has lead to all sorts of unexpected results and flawed
      rendering of class_management based listings. (Closes: #907815).
  * debian/control:
    + Bump Standards-Version: to 4.3.0. No changes needed.

 -- Mike Gabriel <sunweaver@debian.org>  Fri, 19 Apr 2019 15:24:14 +0200

gosa (2.7.4+reloaded3-7) unstable; urgency=medium

  [ Mike Gabriel ]
  * Update default config.
    + Enable netgroup, pwreset and school-manager plugins by default.

  [ Dominik George ]
  * Update my maintainer address.
  * Add support for php-fpm in apache config.

 -- Dominik George <natureshadow@debian.org>  Wed, 12 Dec 2018 16:52:38 +0100

gosa (2.7.4+reloaded3-6) unstable; urgency=medium

  [ Christian Schwamborn ]
  * debian/patches:
    + Add 1040_inactive_pwd_fields_when_using_pwd_proposal.patch. Disable
      password entry text fields when password proposal is to be used.
    + Improve 1039_fix_sambakickofftime_...tmplate_setting.patch. Avoid NULL
      string being handed over to the date() function.
    + Add 1041_ref_param_error_in_My_Parser.patch. Compat fix for PHP > 5.4.
      Hand over real variable to function.
    + Add 1042_add_option_to_disable_autocomplete.patch. Add support for
      disabling autocompletion in search boxes.

  [ Mike Gabriel ]
  * debian/control:
    + Bump Standards-Version: to 4.2.0. No changes needed.
    + Drop exim4 as default MTA, use default-mta instead. Thanks lintian.

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 15 Aug 2018 12:31:03 +0200

gosa (2.7.4+reloaded3-5) unstable; urgency=medium

  * debian/control:
    + Update Vcs-*: fields. Packaging Git has been migrated to salsa.debian.org.
  * debian/patches:
    + Add 0013_escape-html-entities-for-uid-to-avoid-code-execution-
      CVE-2018-1000528.patch. Fixes code injection in password change dialog.
      Resolves CVE-2018-1000528. (Closes: #902723).

 -- Mike Gabriel <sunweaver@debian.org>  Sat, 30 Jun 2018 12:35:38 +0200

gosa (2.7.4+reloaded3-4) unstable; urgency=medium

  * debian/control:
    + Add D (gosa): php-cgi. Required for GOsa² to work under lighttpd.
      (Closes: #892570).
    + Drop from S: gosa-si-server. (Closes: #891904). (Note: the requested
      php7.0-cli to php-cli modification was already uploaded with
      gosa/2.7.4+reloaded3-3).
    + Bump Standards-Version: to 4.1.4. No changes needed.
  * debian/gosa.post*:
    + Test presence of apache2ctl to detect whether GOsa² is supposed to run
      under Apache2. (Closes: #892571).
  * debian/patches:
    + Add 0012_using-the-correct-encryption-method.patch. Use aes-256-ecb, not
      -cbc as encryption method in cred_encrypt() function. (Closes: #892546).
    + Add 2006_apache2-private-tmp.patch. Work-around for Apache2's
      PrivateTmp=true feature in Debian. (Closes: #892569).
    + Various typo fixes in text comments.
  * debian/README.gosa.secrets:
    + Add HowTo about GOsa²'s internal pw encryption procedure.
    + Advertise this new README in debian/NEWS.
  * debian/gosa.lintian-overrides:
    + Add override maintainer-script-should-not-use-recursive-chown-or-chmod
      postinst.
  * lintian: Move source overrides into debian/source/.

 -- Mike Gabriel <sunweaver@debian.org>  Fri, 20 Apr 2018 13:36:45 +0200

gosa (2.7.4+reloaded3-3) unstable; urgency=medium

  * debian/control:
    + Switch D (gosa-dev) from php7.0-cli to php-cli.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 04 Mar 2018 20:59:40 +0100

gosa (2.7.4+reloaded3-2) unstable; urgency=medium

  * debian/control:
    + Add B:/R: relations (gosa) for gosa-plugin-{heimdal,opsi,fai,fai-schema}
      (<< 2.7.4+reloaded3-1~).

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 01 Mar 2018 19:47:38 +0100

gosa (2.7.4+reloaded3-1) unstable; urgency=medium


  [ Mike Gabriel ]
  * Re-pack GOsa². Drop plugins useless without never
    really stable gosa-si daemon:
    - Drop FAI plugin. Obsoleted upstream.
    - Drop OPSI plugin. Obsoleted upstream.
    - Drop Heimdal plugin. Obsoleted upstream.

  * debian/watch.gosa-plugin-{heimdal,opsi,fai}:
    + Drop files. Not needed anymore.
  * debian/watch.gosa-*:
    + Use secure URLs to obtain upstream sources.
    + Revert back to http access to upstream sources. Upstream's certificate is
      broken.
    + Do dversionmangel reloaded3, not reloaded2.

  * debian/patches:
    + Add 1029_better-whitespace-cleanup-in-genuid.patch. Prevent gen_uids()
      from generating UIDs containing blanks.
    + Add 1030_column-header-titles-group-members.patch. Fix column titles in
      member lists of POSIX groups.
    + Add 1031_no-context-loose-continues.patch. Avoid stray continue
      expression. (Closes: #879105).
    + Rebase / update 1016_allow-same-user-ids-as-adduser.patch and
      1026_fix-deprecated-constructor-format.patch.
  * debian/control:
    + Drop from D (gosa bin:pkg): php-mcrypt. Not available in PHP 7.2 anymore.
      (Closes: #889811).
    + Bump Standards-Version: to 4.1.3. No changes needed.
    + Update D (gosa): php7.0-cli -> php-cli.
    + Switch D (gosa) from virtual pkg php-mysqli to meta package php-mysql.
  * debian/{compat,control}:
    + Bump DH compat level to 11.
  * debian/{control,gosa-plugin-<plugin>.install}:
    + Drop bin:pkgs gosa-plugin-opsi, gosa-plugin-fai, gosa-plugin-fai-schema.
  * debian/gosa.triggers:
    + Explicitly use await triggering mechanism.
  * debian/gosa-desktop.templates:
    + Let gosa-desktop's URL point to http://localhost/gosa by default.
       (Closes: #854780).
  * debian/gosa.postinst:
    + Drop support for handling apache2.2's /etc/apache2/conf.d/ directory.
      (Closes: #858312).
    + Deactivate deprecated gosa.conf, if found in /etc/apache2/conf.d/.
  * debian/gosa.install:
    + Install gosa-mcrypt-to-openssl-passwords into bin:pkg gosa.
  * debian/gosa-plugin-mail.install:
    + Drop addons/. The mail addons were gosa-si related, which got support
      removed with this release.
  * debian/copyright:
    + Update copyright attributions.
    + Use secure URI for copyright format reference.
  * debian/rules:
    + Stop using dpkg-parsechangelog, use pkg-info.mk instead.
  * debian/NEWS:
    + Provide information for people upgrading from previous versions of GOsa².

  * Overall white-space cleanup in debian/.

  [ Benjamin Zapiec ]
  * debian/patches:
    + Add 00??_mcrypt2openssl_*.patch. Migrate gosa-encrypt-passwords and
      related code from removed mcrypt (since PHP 7.2) to openssl. This also
      implies dropping gosa-si support entirely (which never really worked
      anyway and has never been made available in Debian).
    + Improve patch 1026: gosa-core/include/pChart/: Find more deprecated
      constructors.

  [ Christian Scharmborn ]
  * debian/patches:
    + Add 1032_fix_select_acl_role.patch
    + Add 1033_fix_unable_to_delete_acl_asignment.patch
    + Add 1034_remove_superfluous__get_post__call_from__save_object.patch
    + Add 1035_acl_override_to_allow_delete_of_group_members.patch
    + Add 1036_remove_double_groupList_setEditable_setting.patch
    + Add 1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch
    + Add 1038_shadowexpire_in_one_line.patch
    + Add 1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_
      from_tmplate_setting.patch

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 01 Mar 2018 14:23:28 +0100

gosa (2.7.4+reloaded2-13) unstable; urgency=medium

  [ Dominik George ]
  * Allow IPv4 addresses and FQDNs as sudoHost. (Closes: #834065).
  * Added myself to Uploaders.

  [ Mike Gabriel ]
  * debian/control:
    + Update D (gosa, gosa-dev): php-cli -> php7.0-cli.
    + Update PHP MySQL(i) dependency. GOsa with PHP 7 now depends on php-mysqli.
  * debian/patches:
     + Add 1028_use-mysqli-instead-of-mysql.patch. Migrate from PHP MySQL
       extension to MySQLi extension. (Closes: #834063).
     + Fix another man page type via 1004_fix-typos-in-man-pages.patch.
  * lintian:
    + Update source.lintian-overrides.
    + Add php-script-but-no-phpX-cli-dep override for two files.
  * debian/README.Debian: Fix spelling issue.
  * debian/gosa-plugin-opsi.lintian-overrides:
    + Drop. No required any more.

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 25 Jan 2017 22:11:04 +0100

gosa (2.7.4+reloaded2-12) unstable; urgency=medium

  [ Mike Gabriel ]
  * debian/fix-constructors.sh:
    + Additionally replace occurrences of <class>::<class>(...) with
      <class>::_construct(). Assure script can be run several times on the
      same GOsa code tree.
  * debian/patches:
    + Fix 1026_fix-deprecated-constructor-format.patch. Additionally patch
      occurrences of <class>::<class>(...) with <class>::_construct().

  [ Wolfgang Schweer ]
  * debian/fix-constructors.sh:
    + Exclude xml:xml* commands from being touched by this script.
  * debian/patches:
    + Another fix for 1026_fix-deprecated-constructor-format.patch. Don't
      replace xml::xml2array by flawed xml::__construct2array.

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 02 Jun 2016 23:51:54 +0200

gosa (2.7.4+reloaded2-11) unstable; urgency=medium

  * debian/patches:
    + Add 1025_fix-with-smarty-3-1-29.patch. Fix class auto-loading when GOsa
      is used under Smarty3 (>= 3.1.28).
    + Add 1026_fix-deprecated-constructor-format.patch. Replace old-style
      constructor names (equaling the class name) by methods of the name
      "__construct()". This patch has been generated by the shipped-with script
      debian/fix-constructors.sh. Thanks to Cajus Pollmeier for providing this
      script.
  * debian/control:
    + Bump Standards: to 3.9.8. No changes needed.
    + Use encrypted URLs for Vcs-*: fields.

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 01 Jun 2016 12:44:43 +0200

gosa (2.7.4+reloaded2-10) unstable; urgency=medium

  [ Holger Levsen ]
  * Fixup PHP syntax in 1010_fix-entry-removal-in-mail-plugin.patch. See
    #796823 for the details.
  * Update depends and debian/gosa-apache.conf for the PHP 7.0 transition.
    Thanks to Wolfgang Schweer for the patch! (Closes: #821501)

  [ Mike Gabriel ]
  * debian/gosa.NEWS: Fix date (2015 -> 2016) for latest NEWS announcement.

 -- Holger Levsen <holger@debian.org>  Mon, 23 May 2016 12:44:31 +0200

gosa (2.7.4+reloaded2-9) unstable; urgency=medium

  * debian/gosa-desktop.dirs:
    + Create /etc/gosa through dpkg for bin:package gosa-desktop. (Closes:
      #814576).
  * debian/control:
    + Drop as alternative Ds (gosa-desktop): konqueror, epiphany-browser,
      midori, chromium. (Closes: #814774).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 15 Feb 2016 13:17:12 +0100

gosa (2.7.4+reloaded2-8) unstable; urgency=medium

  * debian/changelog:
    + Add closure of #796813 for version 2.7.4+reloaded2-6.
  * debian/patches:
    + Fix comment header for 0007_update-sambaHashHook-description.patch.
    + Add 1022_add-b-switch-to-mkntpasswd-script.patch. Support creation of
      NT/LM hashes from base64 encoded password string.
    + Add 1023_check-smbhash-creation-for-base64-encoded-pws.patch. Check
      NT/LM hash creation during setup checks using decode_base64() function.
    + Update 0007_update-sambaHashHook-description.patch. Add -MMIME::Base64
      package loading in NT/LM hash creation code on gosa.conf man page.
    + Add 1024_dont-overescape-dollar-signs-in-smb-passwords.patch. Don't
      over-escape "$" characters in passwords provided to the sambaHashHook
      execution call. (Together with encoding passwords for sambaHashHook
      as base64 string, this closes: #801758).
  * debian/gosa.NEWS:
    + Add information on password string now getting base64 encoded prior
      to handing it over to the sambaHashHook script.
  * debian/gosa.postinst:
    + Only create symlinks to lpstat and convert, if those binaries really
      exist on the system. (Closes: #811382).
  * debian/control:
    + Update D (gosa-desktop): depend on browser currently available on Debian
      and Ubuntu. (Closes: #814004).
  * debian/gosa*.dirs:
    + Remove most *.dirs directories, only remaining file: gosa.dirs.
  * debian/gosa{,-plugin-mail,-plugin-gofon,-desktop}.postrm:
    + Remove /etc/gosa/ directory, if empty when purging the corresponding
      packages. (To make piuparts happy).
  * debian/gosa.post*:
    + Use proper if clauses for conditions. This assures that the
      postinst/postrm scripts do not fail if any of the conditions is not
      met.
    + Define $PATH in scripts to make sure, the which command used in these
      scripts works as expected.

 -- Mike Gabriel <sunweaver@debian.org>  Fri, 12 Feb 2016 06:14:37 +0100

gosa (2.7.4+reloaded2-7) unstable; urgency=medium

  * debian/changelog:
    + Fix-up for previous upload: Add missing changes regarding
      lintian.
  * debian/gosa.post{inst,rm}:
    + Use quotes around which commands. This fixes failures during
      post-installation if either of the supported http daemon packages is not
      installed.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 17 Jan 2016 16:52:35 +0100

gosa (2.7.4+reloaded2-6) unstable; urgency=medium

  * debian/patches:
    + Fix 1007_gen-uids-like-gosa26.patch. If a placeholder operator specifies
      no start and end, but only one value (e.g., %{givenName[12]}), then always
      use the complete string. (Closes: #803540).
    + Add 1021_disable-sorting-in-DHCP-section-lists.patch. Disable sorting for
      DHCP section lists (plus fix accessor name in class_sortableList.inc).
      (Closes: #796813).
    + Add 0006_code-injection-in-samba-hash-generation.patch,
      0007_update-sambaHashHook-description.patch. Fix potential code injection
      issue in Samba hash generation. (CVE-2015-8771)
    + Update 1004_fix-typos-in-man-pages.patch due to cherry-picking
      0007_update-sambaHashHook-description.patch from upstream. Also fix
      more man page typos (reported by lintian).
  * debian/gosa.postinst:
    + When figuring out whether it makes sense to restart Apache2, let's check
      for presence of apache2ctl binary (instead of apache2 binary). Nowadays,
      the Apache2 server can be considered installed when apache2ctl is present
      on a Debian system.
    + Avoid usage of full paths when testing for presence of executables.
  * debian/gosa.postrm:
    + Avoid usage of full paths when testing for presence of executables.
  * lintian:
    + Add two more false-positives (source-contains-prebuilt-javascript-object,
      source-is-missing for GOsa's own version of datepicker.js).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 04 Jan 2016 23:33:10 +0100

gosa (2.7.4+reloaded2-5) unstable; urgency=medium

  * debian/patches:
    + Update 1016_allow-same-user-ids-as-adduser.patch. Fix typo.
    + Update 0003_xss-vulnerability-on-login-screen.patch. Fix a
      second place where $username should be sanitized by set_post()
      function.
    + Add 1020_ob-fixes.patch. Only run ob_end_clean() if there is
      something to clean.

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 19 Oct 2015 13:17:40 +0200

gosa (2.7.4+reloaded2-4) unstable; urgency=medium

  * debian/patches:
    + Improve 1007_gen-uids-like-gosa26.patch. Handle situations where attribute
      values are shorter than the minimal length required. Use the complete
      attribute's value then, if even not long enough.
    + Fix 1012_allow-one-level-domains-in-email-addresses.patch. Fix email
      template checks in tests::is_email(). Also, allow mail addresses
      starting with a single letter followed by a dot as second character
      (e.g., "m.gabriel").
    + Add 1013_fix-smarty-gettext-tags-recognition.patch. Fix rendering of .tpl
      files that contain parameterized {t} blocks.
    + Add 1014_fix-description-of-new-prim-groups.patch. Fix obtaining givenName
      and sn from user object when creating its primary POSIX group.
    + Add 1015_allow-iso8601-date-format-in-user-API.patch. Allow writing
      ISO8601 conform date strings into the dateOfBirth field.
    + Add 1016_allow-same-user-ids-as-adduser.patch. If strictNamingRules is set
      to false in gosa.conf, allow the same UID naming rule as found in
      /usr/bin/adduser (as of Debian jessie/stretch).
    + Add 1017_get-ogroups-ou-fix.patch. Use correct GOsa² API call to obtain
      ogroupRDN string.
    + Add 1018_no-item-multiplication-on-duplicate-search-results.patch. Don't
      return items more than once when found during consecutive search queries.
    + Add 1019_fix-various-typos.patch. Fix various typos in the GOsa² code.
  * debian/gosa-apache.conf:
    + Drop FCGIWRapper option from FCGI related Apache2 config part. Fixes
      Apache2 startup failures when mod_fscgi is used with GOsa².
  * Debian Menu system: Drop debian/gosa.menu in favour of shipping our
    gosa-desktop.desktop file. (See tech-ctte resolution in #741573).
  * Debhelper compat: Bump to version 9.
  * debian/control:
    + Drop R (gosa): ${misc:Recommends}.

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 13 Oct 2015 16:19:33 +0200

gosa (2.7.4+reloaded2-3) unstable; urgency=medium

  * debian/patches:
    + Rename several patches (2005-2008 -> 1005-1008) to denote that
      they are relevant for upstream.
    + Add 1009_fix-insertDhcp-icon-in-dhcp-section-overview.patch. Fix
      label stripping in GOsa²'s image() function. This fixes displaying
      the insertDhcp* icon in the DHCP service plugin. (Closes: #794117).
    + Add 2005_allow-Debian-blends-to-override-gosa-conf.patch. Allow
      Debian blends to provide their own version of gosa.conf and not get
      bugged by GOsa's notification message on gosa.conf template changes.
      Debian blends using GOsa (e.g., Edu, LAN) must handle gosa.conf
      updates themselves. (Closes: #794118).
    + Add 0004_fix-get-post.patch. Fix transferral of POST variables.
    + Add 1010_fix-entry-removal-in-mail-plugin.patch. Fix entry deletion
      of items in "alternatives addresses" and "forward messages to
      non-group members" for group mail objects. (LP:#1307483).
    + Add 0005_fix-password-expiry-status.patch. Fix expiration status
      for passwords if shadowMax is used in POSIX/shadow accounts.
    + Add 1011_define-isPluginModified.patch. Fix undefined property
      error for non-defined usertags::$isPluginModified. (Closes: #794690).
    + Add 1012_allow-one-level-domains-in-email-addresses.patch. Allow
      one-level domains in email addresses (such as <uid>@intern, as used
      in Debian Edu by default). (Closes: #794738).
  debian/control:
    + Add C (gosa-plugin-mail): gosa-plugin-mailaddress. New package in
      Debian unstable providing a very light-weighted Mail configuration
      plugin für GOsa².

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 24 Aug 2015 15:15:14 +0200

gosa (2.7.4+reloaded2-2) unstable; urgency=medium

  * debian/patches:
    + Add 2007_gen-uids-like-gosa26.patch. Fix idGenerator for patterns
      like {%sn[3-6}-{%givenName[3-6]}. (Closes: #793455).
    + Add 2008_enable-csv-import-on-clean-installs.patch. Enable CSV / LDIF
      import on (non-Debian-Edu) clean GOsa² installations by default. (Closes:
      #782529)
  * debian/{control,*.install}:
    + Process with wrap-and-sort.
  * debian/control:
    + Bump Standards: to 3.9.6. No changes needed.
  * debian/copyright:
    + Really mention all files (plus various fixes).
  * debian/watch:
    + Provide as symlink to debian/watch.gosa-core to make uscan and DDPO happy.
  * lintian:
    + Drop debian-watch-file-is-missing override. This package version now
      provides a watch file.
  * debian/gosa-desktop.desktop:
    + Drop MimeType= key from .desktop file. Makes no sense without providing
      %f, %F, %u or %U for the Exec key.

 -- Mike Gabriel <sunweaver@debian.org>  Fri, 24 Jul 2015 11:06:39 +0200

gosa (2.7.4+reloaded2-1) unstable; urgency=medium

  * Repack gosa src:package in order to drop several subtrees of the source
    code:
    - Smarty3 sources,
    - Smarty Gettext sources,
    - Liberation font, further fonts shipped with pChart,
    - Scriptaculous.js,
    - and upstream's debian/ packaging folder.

  * debian/README.multi-orig-tarball-package:
    + Grammar fix.
  * debian/gosa.postinst:
    + When activating gosa for lighttpd, create /etc/lighttpd/conf-enabled/
      if it does not exist, yet. (Closes: #757558).
  * debian/control:
    + Make sure that all GOsa² component/plugin bin:packages match the exact
      version of the gosa bin:package.
    + Add D (gosa): smarty-gettext.
    + Add D (gosa): libjs-scriptaculous.
  * debian/rules:
    + Rework get-orig-source rule, remove embedded libraries from upstream
      source tree.
    + Stop shipping fonts with gosa src:package in Debian (via
      get-orig-source).
    + Use Debian's version of smarty-gettext (via symlink).
    + Use Debian's version of Scriptaculous.js and Prototype.js (via symlinks).
    + Improve readability. Add some comments.
  * debian/copyright:
    + Update file.
    + Update debian/copyright.in template.
  * lintian:
    + Drop override embedded-php-library for Smarty3. Not shipped in repacked
      sources anymore.
    + Drop override embedded-php-library for Scriptaculous.js and Prototype.js.
      Not shipped in repacked sources anymore.
    + Drop unused overrides.
  * debian/patches:
    + Add 1004_fix-typos-in-man-pages.patch. Fix several typos and
      hyphen-used-as-minus-sign issues in GOsa² man pages.
    + Update 0001_smarty3.patch. The sources of smarty-gettext are not shipped
      with Debian's gosa src:package anymore.
    + Improve trimming in 1002_trim-decrypt.patch. Obtained from latest password
      encryption/decryption tests with FusionDirectory.
    + Provide patch headers with Author: and Description: fields whereever
      possible.

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 11 Aug 2014 18:41:55 +0200

gosa (2.7.4+reloaded1-4) unstable; urgency=medium

  * debian/patches:
    + Add 0004_RequestHeader-no-underscores-apache24.patch. Since Apache2.4:
      Translation of headers to environment variables is more strict than before
      to mitigate some possible cross-site-scripting attacks via header
      injection. Headers containing invalid characters (including underscores)
      are now silently dropped. (Closes: #753419).

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 01 Jul 2014 20:40:05 +0200

gosa (2.7.4+reloaded1-3) unstable; urgency=medium

  * debian/patches:
    + Update patch naming scheme. See debian/patches/README.
    + Unify file name scheme in patch files.
    + Add 1002_trim_decrypt.patch. Fix decryption of LDAP master
      password (which previously got encrypted with gosa-encrypt-password).
      (Closes: #748065).
    + Add 0003_xss-vulnerability-on-login-screen.patch.  Escape html entities
      to fix xss at the login screen. (Closes: #753388).

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 01 Jul 2014 14:19:45 +0200

gosa (2.7.4+reloaded1-2) unstable; urgency=low

  * debian/control:
    + Update Vcs-*: fields. Packaging has been moved to Alioth and is now
      Git based.
    + Bump Standards: to 3.9.5. Fixed DEP-5 compliancy of debian/copyright.
  * debian/copyright:
    + Make file DEP-5 compliant.
    + Add CDBS-autogenerated debian/copyright.in file for later reference.
  * debian/gosa.prerm:
    + Ignore those valid prerm options that nothing has to be done for.
      (Closes: #745045).
  * debian/gosa.postrm:
    + Handle apache2 config symlink removal and Apache2 restarts properly
      on package purging. (Closes: #744151).
  * debian/gosa.postinst:
    + Only create Apache2.2 symlinks if Apache2.4 conf-available folder is
      not present.
  * Remove obsolete packaging files for formerly embedded bin:package smarty3.
  * package scripts: Whitespace clean-up. Use tabs as indentations.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 18 May 2014 22:44:32 +0200

gosa (2.7.4+reloaded1-1) unstable; urgency=low

  * New maintenance team: Debian Edu Packaging Team.
  * Use upstream tarballs as provided at http://oss.gonicus.de/pub/gosa/
    instead of assembling them from SVN or other source. This makes
    tarballs checksum stable and allows us to plainly keep the
    debian/ folder in Vcs.
  * debian/rules:
    + Add get-orig-source sequence.
    + Symlink default theme's fonts against fonts in
      /usr/share/fonts/truetrype/liberation.
    + Install upstream Changelog into bin:packages.
  * debian/control:
    + Drop deprecated field DM-Upload-Allowed.
    + Break up Depends: field items into multiple lines (makes control file
      diffs easier to read).
    + Depend on fonts-liberation (rather than on transitional package
      ttf-liberation). (Closes: #722358).
    + Bin:package gosa: Alternatively depend on php5-mysqlnd or php-mysql.
      (Closes: #718857).
    + Bin:package gosa: Alternatively depend on libapache2-mod-php5,
      php5-cgi _or_ php5-fpm. (Closes: #718859).
  * debian/gosa-plugin-mail.install, debian/gosa-plugin-mail.<scripts>:
    + Install conffiles to location where they are expected by the
      GOsa² WebGUI. Handle conffile moval in bin:package gracefully.
      (Closes: #714922).
  * debian/gosa.prerm:
    + Add file. Handle removal of symlinks created during postinst.
      (Closes: #715441).
  * debian/gosa.postinst:
    + Enable gosa-apache.conf appropriately with Apache2.4. Thanks to
      Andreas B. Mundt for providing the necessary patch. (Closes: #717743).
  * debian/source.lintian-overrides:
    + Override gosa source: debian-watch-file-is-missing. We actually have
      very many watch.* files (for each of the multiple orig tarballs).

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 01 Apr 2014 19:54:34 +0200

gosa (2.7.4-4.4) unstable; urgency=low

  * Non-maintainer upload.
  * debian/patches/sasl-password-change.patch: New patch, allows for changing
    user passwords as admin for sasl authentication method. (Closes: #698544)

 -- Michael Banck <mbanck@debian.org>  Mon, 02 Dec 2013 12:37:29 +0100

gosa (2.7.4-4.3) unstable; urgency=low

  * Non-maintainer upload.
  * debian/patches/fix-mass-ldapimport.patch: New patch, fixes LDAP mass
    import, by Giorgio Pioda and Petter Reinholdtsen. (Closes: #698840)

 -- Michael Banck <mbanck@debian.org>  Fri, 14 Jun 2013 10:59:37 +0200

gosa (2.7.4-4.2) unstable; urgency=low

  [ Jonathan Wiltshire ]
  * Non-maintainer upload.

  [ Vagrant Cascadian ]
  * debian/gosa.postinst, debian/gosa.postrm: Only restart apache2 or lighttpd
    when binary is present. (Closes: #699616)

 -- Jonathan Wiltshire <jmw@debian.org>  Thu, 07 Feb 2013 20:28:29 +0000

gosa (2.7.4-4.1) unstable; urgency=low

  * Non-maintainer upload.
  * debian/gosa.postinst: add a guard around a2enmod for when
    gosa is installed without Apache2 (Closes: #698635)

 -- Jonathan Wiltshire <jmw@debian.org>  Sun, 27 Jan 2013 14:15:17 +0000

gosa (2.7.4-4) unstable; urgency=low

  * New smarty3 package fixes problems with template loading. This
    release removes the workarounds for that issue.

 -- Cajus Pollmeier <cajus@debian.org>  Tue, 19 Jun 2012 09:36:39 +0200

gosa (2.7.4-3) unstable; urgency=low

  * Reverted Apache2 transition because it has been aborted. Closes: #674357.
  * Checked if the package runs with debian packaged smarty
    3.1.x. Closes: #672398.

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 18 Jun 2012 14:29:03 +0200

gosa (2.7.4-2) unstable; urgency=low

  * More robustness for the postinst scripts. Closes: #673168.
  * Hide duplicate message of update-gosa.

 -- Cajus Pollmeier <cajus@debian.org>  Thu, 17 May 2012 20:29:09 +0200

gosa (2.7.4-1) unstable; urgency=low

  * New upstream release
  * Apache2 transition to 2.4 (Closes: #669852)
  * Corrected dependency of the netatalk plugin (Closes: #606980)
  * Corrected dependency for deprecated Switch library (Closes: #629336)
  * Made user id editable when applying templates (Closes: #629446)
  * Added a conflict for no longer supported plugins (Closes: #608918, #608920)

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 23 Apr 2012 10:54:39 +0200

gosa (2.7.3-2) unstable; urgency=low

  * Fixed purge in postrm script (Closes: #664852)
  * Brazilian Portuguese debconf templates translation (Closes: #662178)

 -- Cajus Pollmeier <cajus@debian.org>  Thu, 22 Mar 2012 13:58:59 +0100

gosa (2.7.3-1) unstable; urgency=low

  * New upstream release
  * Maintain DHCP information correctly (Closes: #650258)

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 23 Jan 2012 09:07:40 +0100

gosa (2.7.2-1) unstable; urgency=low

  * New upstream release
  * Added danish template translation (Closes: #628223)
  * Removed extra spurious Czech translation file (Closes: #624209)
  * Upstream has followed the whishlist bug (Closes: #629315)
  * Fixed an incorrect warning issue (Closes: #629318)

 -- Cajus Pollmeier <cajus@debian.org>  Tue, 25 Oct 2011 13:48:03 +0200

gosa (2.7.1-2) unstable; urgency=low

  * Updated debconf translation (Closes: #624209)

 -- Cajus Pollmeier <cajus@debian.org>  Wed, 27 Apr 2011 08:32:00 +0200

gosa (2.7.1-1) unstable; urgency=low

  * New upstream release
  * Updated packaging to not include smarty (Closes: #620489)
  * Fixed case of POSIX (Closes: #620486)

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 04 Oct 2010 10:45:44 +0200

gosa (2.6.11-1) unstable; urgency=low

  * Samba schema file is incompatible with Samba shipped with lenny
    (Closes: #582899)
  * package explicitly depends on preform MPM (Closes: #591043)
  * default config refers to missing FCGIWrapper (Closes: #591046)

 -- Benoit Mortier <benoit.mortier@opensides.be>  Fri, 13 Aug 2010 11:00:29 +0200

gosa (2.6.10-2) unstable; urgency=low

  * Removed faulty patch due to 3.0 source conversion
  * Prevented /usr/share/doc/gosa.conf to be compressed
    to make setup configuration file saving work again

 -- Benoit Mortier <benoit.mortier@opensides.be>  Tue, 27 Jul 2010 18:49:07 +0200

gosa (2.6.10-1) unstable; urgency=low

  [ Cajus Pollmeier ]
  * New upstream release

  [ Benoit Mortier ]
  * Switch to dpkg-source 3.0 (quilt) format
  * gosa fails with: "Fatal error: Call to undefined function
    print_array() (Closes: #573220)
  * GOSa fails to add IP and MAC addresses to samba created hosts
    (Closes: #582896)

 -- Benoit Mortier <benoit.mortier@opensides.be>  Tue, 20 Jul 2010 12:48:02 +0200

gosa (2.6.9-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 15 Mar 2010 11:28:48 +0100

gosa (2.6.8-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 15 Feb 2010 14:19:14 +0100

gosa (2.6.7-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Wed, 27 Jan 2010 21:53:12 +0100

gosa (2.6.6-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 05 Oct 2009 15:03:41 +0200

gosa (2.6.5-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Wed, 25 Feb 2009 13:36:18 +0100

gosa (2.6.4-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Fri, 06 Feb 2009 11:35:38 +0100

gosa (2.6.3-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Thu, 15 Jan 2009 11:43:15 +0100

gosa (2.6.2-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Fri, 19 Dec 2008 09:51:32 +0100

gosa (2.6.1-1) unstable; urgency=low

  * New upstream release

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 07 Apr 2008 11:18:53 +0200