phpwiki (1.3.12p3-5etch1) stable-security; urgency=high

  * Non-maintainer upload by the security team.
  * CVE-2007-3193: lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the
    configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote
    attackers to bypass authentication via an empty password, which causes
    ldap_bind to return true when used with certain LDAP implementations.
    (Closes: #429201)
  * CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in
    the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows
    remote attackers to upload arbitrary PHP files with a double extension, as
    demonstrated by .php.3, which is interpreted by Apache as being a valid
    PHP file.
    (Closes: #441390)

 -- Thijs Kinkhorst <thijs@debian.org>  Sun,  9 Sep 2007 13:58:30 +0200

phpwiki (1.3.12p3-5) unstable; urgency=medium

  * Return an error from the dbconfig-common import script so that it
    doesn't try and proceed with invalid values.
  * Updated Japanese translation. Thanks to Kenshi Muto.
    (Closes: #398591)

 -- Matt Brown <mattb@debian.org>  Fri,  1 Dec 2006 23:50:49 +1300

phpwiki (1.3.12p3-4) unstable; urgency=high

  * Fix incorrect use of return to exit from dbconfig load helper script.
  (Closes: #396712)
  * Remove bashisms in debian/rules so builds with /bin/sh as dash work.

 -- Matt Brown <mattb@debian.org>  Sun,  5 Nov 2006 13:53:09 +1300

phpwiki (1.3.12p3-3) unstable; urgency=low

  * Updated Maintainer address to mattb@debian.org.
  * Display configupgraded template at high priority. Mentioned in README,
    but still imperative for user to manually verify config.
    (Closes: #388949)
  * Updated Czech translation thanks to Miroslav Kure. (Closes: #389178)
  * Added Dutch transalation thanks to Kurt De Bree. (Closes: #384871)

 -- Matt Brown <mattb@debian.org>  Mon, 23 Oct 2006 21:24:29 +1300

phpwiki (1.3.12p3-2) unstable; urgency=low

  * Reverted back to using dpatch for patch management, Makes changes
    more transparent for people deriving from and reviewing the package
  * Use dbconfig-common for database management. (Closes: #366996)
  * Rework database dependencies so that sqlite is no longer required.
    See NEWS for more details. (Closes: #262054)
  * Updated French translation thanks to Jean-Luc Coulon. (Closes: #383151)

 -- Matt Brown <debian@mattb.net.nz>  Sun, 27 Aug 2006 23:40:01 +1200

phpwiki (1.3.12p3-1) unstable; urgency=low

  * New upstream release
    - New configuration option DATABASE_OPTIMISE_FREQUENCY set to 0,
      nightly cron scripts will handle any required vacumning.
  * Clarified usage instructions for migrate-phpwiki-config
    (Closes: #367000).
  * Removed /dev/tty redirects which broke non-interactive upgrades and
    add --debconf-ok option to ucf calls.
    (Closes: #377304, Closes: #366995)
  * Require admin to run the upgrade wizard to complete upgrades
  * Improve robustness of the upgrade wizard
    - Remove MySQL specific SQL syntax (Closes: #367426)
    - Disable automatic schema updates for non MySQL database types
  * The 'user' table is deprecated in favour of the 'pref' table since
    1.3.12 was released, don't try and create it in the upgrade wizard
    (Closes: #367422).
  * Backup databases before performing any upgrade tasks (Closes: #361337)
  * Added patch to base64_decode stored page version data if required.
    (Closes: #366892).
  * Tweaked debconf templates to avoid lintian warnings
  * Fixed a bug in postinst that prevented new configuration defaults
    being installed during an upgrade.

 -- Matt Brown <debian@mattb.net.nz>  Sun, 23 Jul 2006 14:57:04 +1200

phpwiki (1.3.12p2-1) unstable; urgency=low

  * New upstream release
  * Patched to set auth cookie name based on wiki name. (Closes: #282565).
  * Install additional documentation now provided upstream. (Closes: #194506).
  * Updated French debconf translation - Jean-Luc Coulon. (Closes: #344687).
  * Updated dependencies to allow php4 or 5. (Closes: #356474).

 -- Matt Brown <debian@mattb.net.nz>  Sun,  9 Apr 2006 17:52:33 +1200

phpwiki (1.3.11p1-1) unstable; urgency=low

  * New upstream release. (Closes: 332645).
  * Updated german translation thanks to Jens Seidel. (Closes: #313815).
  * Updated french translation thanks to Jean-Luc Coulon and the
    debian-l10n-french mailing list. (Closes: #332212).
  * Added apache2 integration
  * Use webconfig-common functions to deal with apache. (Closes: #259098).
  * Removed rewrite rules completely. Use simple alias instead.
    - This works consistently regardless of whether mod_rewrite is present.
    - Closes: #273049, Closes: #309959
  * Added migration documentation for wikis not managed by the package.
    - Closes: #334712
  * Improved documentation about external auth methods. Suggest php4-imap
    and php4-ldap packages. (Closes: #334711). 

 -- Matt Brown <debian@mattb.net.nz>  Thu, 20 Oct 2005 01:56:23 +1300

phpwiki (1.3.10-2) unstable; urgency=low

  * Update .po files. Add debconf-updatepo to clean target. (Closes: #330033).

 -- Matt Brown <debian@mattb.net.nz>  Mon, 26 Sep 2005 09:47:46 +1200

phpwiki (1.3.10-1) unstable; urgency=low

  [ Matt Brown ]
  * Adopted package (Closes: #299146).
  * New upstream release (Closes: #243466).
    - Merged backported language files for Italian.
    - Merged various gettext backports.
    - Tidied debian/patches to reflect what had been merged upstream.
  * Adapted package to new upstream configuration system.
    - index.php no longer used for configuration.
    - Created an automatic migration script to move configurations to the
      new syntax and location. Should work in 95%+ of cases. Does not 
      migrate configurations using external authentication methods.
  * Updated rewrite rules to work with 1.3.10 release.
    - Double slash no longer present in the URL when is placed at the webroot.
    - Closes: #299443, Closes: #263705
  * Disabled PHP 'notice' errors to work around PHP 4.4 reference changes.

  [ David Moreno Garza ]
  * Updated debconf translations:
    - Czech (Closes: #280131).
    - Finnish (Closes: #258882).
    - Japanese (Closes: #307146).
    - Spanish (Closes: #276284).
    - Vietnamese (Closes: #316863).
  * Corrected typo on po-debconf (Closes: #267609).

 -- Matt Brown <debian@mattb.net.nz>  Mon,  5 Sep 2005 01:41:36 +1200

phpwiki (1.3.7-4) unstable; urgency=low

  * Orphaned, as I have little to no interest in the use or maintenance of
    PHPWiki any longer (See #299146).
  * Fixed a couple of brace-expansion issues to clear an FTBFS when
    /bin/sh == dash.
  * Removed xmlrpc.inc to prevent the possibility of compromised due to a
    security vulnerability in the XMLRPC library code.  Use the PECL module
    if you want XMLRPC functionality.  Closes: #316714.

 -- Matthew Palmer <mpalmer@debian.org>  Sun,  3 Jul 2005 19:06:58 +1000

phpwiki (1.3.7-3) unstable; urgency=low

  * Added more guards to the postinst to ensure we don't invoke an apache's
    init script unless it's rooly trooly there.  Closes: #249772, #245586.
  * Renamed the 'RecentChanges' page in the german translation from
    FricheSeiten to NeuesteÄnderungen.  Closes: #245812.
  * Cherry-picked pgsrc/TestFormattingRules#1.32 from upstream CVS,
    documenting the proper use of tilde in polite Wikiing.  Closes: #227953.
  * Bumped php4-sqlite and sqlite to Required: because it effectively does
    (legacy dba systems notwithstanding).  Closes: #256813.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 30 Jun 2004 21:25:29 +1000

phpwiki (1.3.7-2) unstable; urgency=low

  * Moved the PHPWIKI_VERSION define from index.php to lib/prepend.php,
    since it really isn't something user configurable.  Closes: #233599.
  * As above, moved COPYRIGHTPAGE_TITLE, COPYRIGHTPAGE_URL,
    AUTHORPAGE_TITLE, and AUTHORPAGE_URL.  Closes: 238845.
  * Applied revised patch to not use the <button> tag (from Norman
    Rasmussen) so that random password creation in passencrypt.php works in
    IE.  Closes: #236342.
  * Use invoke-rc.d according to policy 9.3.3.2.  Closes: #237145.
  * Explicitly disable output compression, since it apparently causes
    problems with PHP4 in CGI mode.  Closes: #228735.
  * Modified dependcy information.  No longer depend on apache or equivalent
    (Closes: #237016), remove version restriction on php4 (why was that ever
    even in there?  PHPWiki runs fine on 4.1.2), and add php4-cgi as an
    alternative to php4, as it can be run on apache2 (I presume).
  * Symlink the apache config into /etc/<srv>/conf.d if possible instead of
    screwing with httpd.conf directly.  Closes: #237254.
  * Remove the webservers config option from use.  No need for it, as we
    should be able to automatically detect which webservers are available to
    install into.
  * Converted all of my upstream-able patches to use dpatch.  Much cleaner
    diff now.  Closes: #233213.  That package needs a HOWTO to explain the
    simplest way of splitting out and converting patches - it wasn't a nice
    experience.
  * Explicitly disabled the wiki admin account, as there's no reasonable way
    to enable it without requiring user intervention at install, and the
    package "works" without it.  Closes: #225977.
  * Converted new installation script to use SQLite instead of stupid,
    broken DB4.  Closes: #232361.
  * Imported several upstream changes to better support SQLite:
      - Revision 1.41 of lib/WikiDB/backend/PearDB.php
      - Revision 1.42 of lib/WikiDB/backend/PearDB.php
      - schemas/sqlite.sql
      - lib/WikiDB/backend/sqlite.php
  * Imported CVS revision 1.3 of lib/imagecache.php to fix problems therein.
    Hopefully imagecaching will now work right, which makes the VisualWiki
    stuff work.  Closes: #240923.
  * Added the pages FullTextSearch and FuzzyPages to the Italian
    localisation version, so that the searches will (apparently) work right.
    Committed upstream 9/04/2004.  Closes: #228115.
  * Split out the postinst into several independent subroutines.
  * Added a new french debconf translation.  Closes: #238744.
  * Now using the ucf --sum_file option on index.php so that upgrades might
    be a bit smoother.
  * Bumped standards-version to 3.6.1.  No changes necessary.

 -- Matthew Palmer <mpalmer@debian.org>  Tue, 20 Apr 2004 21:27:31 +1000

phpwiki (1.3.7-1) unstable; urgency=low

  * New upstream version.  Closes: #227680.
  * Included passencrypt.php in /usr/share/phpwiki, and ensured that the
    non-existent passwordencrypt.php isn't mentioned anywhere.
    Relates to: #225977.
  * Transitioned apache.conf to use ucf.  Closes: #228497.
  * After much thrashing, made URL rewriting to my satisfaction, so we
    no longer get index.php's in the middle of our URLs (a long standing
    peeve of mine).  Thanks to Andreas Krueger for giving me the gist of
    it all.  Closes: #228504.
  * Automatically create a new database file, to work around blecherisms in
    PHP4's DB4 implementation.  Closes: #224149.
  * New config file, debian-config.php, to set defaults for all those things
    that postinst needs to screw with in index.php.
  * Added a lock tables grant to INSTALL.mysql.  Closes: #231101.
  * Added a brazilian debconf translation.  Closes: #231772.
  * Made the upgrade detector a little less brutal.

 -- Matthew Palmer <mpalmer@debian.org>  Thu, 12 Feb 2004 20:55:20 +1100

phpwiki (1.3.6-2) unstable; urgency=low

  * Incorporated suggestions made by Nikita Youshchenko to improve the LDAP
    experience.  Closes: #221928.
  * Properly quoted the versions in --compare-versions so that an empty
    version doesn't cause conniptions.  Closes: #224433.

 -- Matthew Palmer <mpalmer@debian.org>  Fri, 21 Nov 2003 17:32:33 +1100

phpwiki (1.3.6-1) unstable; urgency=low

  * New upstream version.  Closes: #221155.
  * Really reverted debconf error handling on phpwiki/webservers.
    (Closes: #214178).  Previous question still stands.
  * Removed the watch file since it's useless anyway.
  * Added a workaround for a DB4 bug (which messily blows away your old
    database - yuck).  Fixed the previously reported DB4 problems, though.
    Closes: #220987.
  * Modified the postinst so it'll correctly upgrade databases and config
    files for db4.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 19 Nov 2003 14:33:14 +1100

phpwiki (1.3.4-5) unstable; urgency=low

  * Removed otherwise b0rken files which I have no idea how to fix.
    (Closes: #215474)
  * Reverted debconf error handling in postrm because it totally roots the
    script.  (Closes: #214178)  So, the question is, how the fsck do you do
    error handing for debconf in a shell script?

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 13 Oct 2003 12:38:10 +1000

phpwiki (1.3.4-4) unstable; urgency=low

  * Changed some file tests in the postinst, which was reported by Stefan
    Gybas to fix a crashing postinst (Closes: #203845)
  * Applied the po-debconf patch supplied by Michel Grentzinger, for easy
    translation support.  (Closes: #210795)
  * Fixed the include path so we're really looking in /usr/share/php.
    Relates to #211940, which I erroneously closed as a local config problem
    earlier.
  * Added quotes to fix a screwed up debconf.  (Closes: #203845)
  * Added french translation for the debconf messages.  (Closes: #212007,
    #213123)

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 29 Sep 2003 21:34:33 +1000

phpwiki (1.3.4-3) unstable; urgency=low

  * Changed the default database type to DB3, since (apparently) DB2 isn't
    supported by the Debian PHP4 packages in sid any more.  Closes: #209272.
  * Changed ALLOW_USER_LOGIN to false.  Fixes a PHP warning, and should also
    have been set before.

 -- Matthew Palmer <mpalmer@debian.org>  Tue,  9 Sep 2003 09:04:08 +1000

phpwiki (1.3.4-2) unstable; urgency=low

  * Added /usr/share/php to the include path, since it appears that PEAR has
    been moved there.  Thanks for letting me know, guys... (Closes: #206234)

 -- Matthew Palmer <mpalmer@debian.org>  Tue, 26 Aug 2003 13:05:16 +1000

phpwiki (1.3.4-1) unstable; urgency=low

  * New upstream version (Closes: #201098)
  * Changed strange perms to be set in the package, so dpkg-statoverride can
    do it's magic

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 21 Jul 2003 17:29:41 +1000

phpwiki (1.3.3-9) unstable; urgency=low

  * Note to self: cat wants a filename, echo just prints.  Sigh.  (fix in
    postrm).  (Closes: #184830)

 -- Matthew Palmer <mpalmer@debian.org>  Sat, 15 Mar 2003 19:09:08 +1100

phpwiki (1.3.3-8) unstable; urgency=low

  * Major faff-up - forgot to source the debconf stuff in postrm.  Now I do.
    (Closes: #184040)

 -- Matthew Palmer <mpalmer@debian.org>  Sun,  9 Mar 2003 16:39:44 +1100

phpwiki (1.3.3-7) unstable; urgency=low

  * Added instructions to README.Debian on how to create multiple/user wikis
    (Closes: #182502)
  * Ask for servers to install into, and add/remove/restart those servers.
    (Closes: #173446)  Sorry about the delay.
  * Edited schemas/psql.sql and doc/INSTALL.pgsql as suggested by the
    submitter.  Don't have PostgreSQL to test, so I'm going on faith.
    (Closes: #179860)
  * Added a DirectoryIndex directive to automatically load index.php.  This
    should normally be included in the base apache config, but
    belt-and-braces.  (Closes: #181513)

 -- Matthew Palmer <mpalmer@debian.org>  Sat,  8 Mar 2003 22:06:45 +1100

phpwiki (1.3.3-6) unstable; urgency=low

  * Added extra guards in postinst to catch rare errors.
  * Removed all semblance of the $etcdir testing framework, since it caused
    more trouble than it was worth.
  * Dirty hack to ensure that, if nothing died during the postinst, the
    postinst won't report nasty errors.  (Closes: #163380)

 -- Matthew Palmer <mpalmer@debian.org>  Sat, 19 Oct 2002 09:39:22 +1000

phpwiki (1.3.3-5) unstable; urgency=low

  * Modified lib/WikiDB/backend/PearDB.php to include the right file.
    Closes: #164061
  * Added the MySQL and PGSQL schema files.
  * Added lintian overrides.

 -- Matthew Palmer <mpalmer@debian.org>  Thu, 10 Oct 2002 15:48:55 +1000

phpwiki (1.3.3-4) unstable; urgency=low

  * Set file permissions so that not quite everyone in the world can have a
    gawk at the PHPWiki admin password.  Closes: #163804

 -- Matthew Palmer <mpalmer@debian.org>  Wed,  9 Oct 2002 09:03:36 +1000

phpwiki (1.3.3-3) unstable; urgency=low

  * I screwed up and left $etcdir = ".".  It's back where it is, and it
    won't happen again (trust me, I'm an engineer).  Closes: #163753

 -- Matthew Palmer <mpalmer@debian.org>  Tue,  8 Oct 2002 12:11:02 +1000

phpwiki (1.3.3-2) unstable; urgency=low

  * Better add/remove of Include directive in /etc/apache/httpd.conf.
  * Ask users to edit /etc/phpwiki/index.php instead of
    /usr/share/phpwiki/index.php.  (Closes: #163138)
  * Now depends on apache, as well as making checks around any modification
    of config files not owned by us.  (Closes: #163140)
  * Better guarding of postrm rmdirs in case the directory has been removed.

 -- Matthew Palmer <mpalmer@debian.org>  Mon,  7 Oct 2002 09:20:11 +1000

phpwiki (1.3.3-1) unstable; urgency=low

  * Initial Release.  (Closes: #161979)

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 23 Sep 2002 13:50:53 +1000