lp:debian/lenny/dtc
- Get this branch:
- bzr branch lp:debian/lenny/dtc
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 8. By Thomas Goirand <email address hidden>
-
* QA upload fixing:
- Removed old iGlobalWall folder which included unwanted information.
- Removed sourceless OSX mod_log_sql.so files (Closes: #637469).
- Fixes lists shell injection issue (Closes: #637477).
- Sets unix rights to non-world readable for the apache2.conf file,
since it contains SQL access password (Closes: #637485).
- Now htmlspecialchars() the output of DNS & MX, preventing a possible
HTML injection issue (Closes: #637584).
- Fixes "package installer includes php files in untrusted directories"
if some package install packages are installed (Closes: #637629, #637630).
- Adds htmlspecialchars() in the ticket display.
- Fixes sudo access to chrootuid is giving access to root using the new
dtc-chroot-wrapper (Closes: #637618).
- Not using htpasswd -b to create .htpasswd files (Closes: #637537).
- Checks $_SERVER["addrlink" ] input correctly, since it could lead to very
bad SQL insertion (Closes: #637487 ).
- Fixes an SQL injection in package installer (Closes: #637632).
- Fixes an SQL injection in the draw_user_admin.php (Closes: #637669). - 7. By Thomas Goirand <email address hidden>
-
* Fixes: CVE-2011-0434: SQL injection in bw_per_month.php graph
* Fixes: CVE-2011-0435: Bandwidth information disclosure in bw_per_month.php
graph.
* Fixes: CVE-2011-0436: Passwords being emailed to the admin in clear text
(Closes: #614302).
* Fixes: CVE-2011-0437: Removed dangerous SQL old unused code for ssh
accounts management. - 6. By Thomas Goirand
-
The last debian package was wrongly packaged with a version older than
the 0.29.16 because of some Git mistake (forgot to push before I did the
clone to build the package). This corrects it. - 5. By Thomas Goirand
-
* New upstream release with corrections for Lenny, backported from the master
branch of the Git, to add corrections and not features as follow:
- Modify depends: so it uses proftpd-mod-mysql as this is the new package
for proftpd...
- Solved the INSERT bug for the Money spent accounting functions.
- Now the add domain or service link is ALWAYS showed.
- Fixed a bug if adding a new service with a non-debian VPS.
- Removed list.dsbl.org from default DNSBL as it's dead.
* Removed all trace of php4 dependency, leaving only dependency to php5. This
is needed as lintian doesn't see "php5-cli | php4-cli" and yell that
phpX-cli is missing.
* Removed unused debconf template. - 4. By Thomas Goirand
-
* New upstream release with corrections for Lenny, backported from the master
branch of the Git, to add corrections and not features as follow:
- Big problem with the pending payment thing that was setting things as
validated when they were in fact just pending.
- the CPU rrd data collection (the rrd call was commented out)
- the setup of the default index.php & 404 subdomain files
- sa-wrapper symlink attack vulnerability fix (Closes: #496362)
- removed the paylog.txt logging
- [v0.29.8] phpmyadmin blowfish_secret owner change
- [v0.29.8] Cleaning the spam folder with -mtime instead of -atime
- [v0.29.8] Added a full Simplified Chinese translation by Wei Cao
<email address hidden>, including debconf and the software itself
- [v0.29.8] Removed the "limit 1" when setting the id_client to zero
when deleting an admin.
- [v0.29.8] Solved the mysql users & db deletion bug when deleting an
admin, removed the old mysql manager code that was remaining.
- [v0.29.8] Needed a global $pro_mysql_pop_table in the spam folder
cleanup
- [v0.29.8] Removed a bug when there is no install log at all that was
preventing the VPS install tab to be displayed
- [v0.29.8] Some global variables for the vps table names where missing
in deleteVPS()
- [v0.29.8] The cron job needed to be modified for gen_named='yes',
reload_named=' yes' when modifying the wildcard DNS thing.
- [v0.29.8] A Tags: was still there in debian/control, it's now removed. - 2. By Thomas Goirand
-
* Added Duch template by Bart Cornelis (Closes: #416987)
* Added Czech template by Miroslav Kure (Closes: #416938)
* Added french template by Christian Perrier (Closes: #416734)
* Updated the template reviewed by Christian Perrier (Closes: #415231)
which works for the debian-l10n-english group (Closes: #402657)
* Added Galician debconf template translation for the package thanks to
Jacobo Tarrio <email address hidden> (Closes: #415629)
* Added Portuguese debconf template translation for the package thanks to
Ricardo Silva <email address hidden> (Closes: #415814)
* Updated german debconf template translation for the package thanks to
Cristian Livadaru
* dtc/conf_mysql_change_ root is set to false as per default, as the
previous release didn't close #414484 as written before
* There has never been saveConfig saving to /root, but I'm writting an
entry in there in order to close this bug (Closes: #414470)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/dtc