Change logs for typo3-src source package in Sid

typo3-src (4.5.40+dfsg1-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3-CORE-SA-2015-001: Authentication Bypass"
      (Closes: #778870)
    - fixes: "TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS"
      (Closes: #766502)

 -- Christian Welzel <email address hidden>  Sat, 21 Feb 2015 20:00:00 +0100

typo3-src (4.5.35+dfsg1-1) unstable; urgency=low


  * New upstream release.

 -- Christian Welzel <email address hidden>  Thu, 31 Aug 2014 12:00:00 +0200

typo3-src (4.5.34+dfsg1-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3-CORE-SA-2014-001: Multiple Vulnerabilities in TYPO3 CMS"
      (Closes: #749215)

 -- Christian Welzel <email address hidden>  Sun, 25 May 2014 10:00:00 +0200

typo3-src (4.5.33+dfsg1-1) unstable; urgency=low


  * New upstream release.

 -- Christian Welzel <email address hidden>  Wed, 30 Apr 2014 10:00:00 +0200

typo3-src (4.5.32+dfsg1-1) unstable; urgency=medium


  * New upstream release:
    - fixes: "TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in
      TYPO3 CMS" (Closes: #731999)

 -- Christian Welzel <email address hidden>  Fri, 13 Dec 2013 20:08:14 +0100

typo3-src (4.5.30+dfsg1-2) unstable; urgency=low


  * Reworked typo3-dummy.postinst and typo3-dummy.postrm (Closes: 714888).
  * Added mysql-client to dependency list of typo3-dummy.

 -- Christian Welzel <email address hidden>  Thu, 21 Sep 2013 23:08:14 +0200

typo3-src (4.5.30+dfsg1-1) unstable; urgency=low


  * New upstream release.

 -- Christian Welzel <email address hidden>  Thu, 21 Sep 2013 22:08:14 +0200

typo3-src (4.5.29+dfsg1-1) unstable; urgency=medium


  * New upstream release:
    - fixes: "TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote
      Code Execution Vulnerability in TYPO3 Core" (Closes: 720194)
  * Import of sources of 2.0.4.6 of 1pixelout audio player from 
    http://subversion.assembla.com/svn/1pixelout/audio-player/tags/2.0.4.6.
  * Changed audio player license (GPL-2 -> MIT).

 -- Christian Welzel <email address hidden>  Wed, 21 Aug 2013 22:08:14 +0200

typo3-src (4.5.27+dfsg1-3) unstable; urgency=low


  * Added italian translation (Closes: #712400)

 -- Christian Welzel <email address hidden>  Thu, 20 Jun 2013 11:26:36 +0200

typo3-src (4.5.27+dfsg1-2) unstable; urgency=low


  * Fix detection of apache 2.2 (Closes: #710512).

 -- Christian Welzel <email address hidden>  Tue, 04 Jun 2013 20:13:56 +0200

typo3-src (4.5.27+dfsg1-1) unstable; urgency=low


  * New upstream release.
  * Removed patch for wheezy patch level version.
  * Removed patch for TYPO3-SA-2013-001 (integrated into upstream).
  * Removed patch for TYPO3-CORE-SA-2012-004 (integrated into upstream).
  * Set standards version to 3.9.4.
  * Removed DM-Upload-Allowed header.
  * Removed access to /lib/init/vars.sh from typo3-dummy.init.
  * Added database schema change for typo3 bug 16762.

 -- Christian Welzel <email address hidden>  Thu, 30 May 2013 17:37:22 +0200

typo3-src (4.5.19+dfsg1-5) unstable; urgency=low


  * Added patch for TYPO3-SA-2013-001. (Closes: #702574)
  * Set patch level version to -pl.4.5.25.

 -- Christian Welzel <email address hidden>  Fri, 08 Mar 2013 17:02:05 +0100

typo3-src (4.5.19+dfsg1-4.1) unstable; urgency=low


  * Non-maintainer upload.
  * Fix "copyright file missing after upgrade (policy 12.5)":
    replace directory with symlink in typo3.postinst.
    Thanks Andreas Beckmann for the bug report and the template for the fix.
    (Closes: #698631)

 -- gregor herrmann <email address hidden>  Mon, 28 Jan 2013 21:23:03 +0100

typo3-src (4.5.19+dfsg1-4) unstable; urgency=medium


  * Added patch for regression introduced by TYPO3-SA-2012-5-patch.
  * Set patch level version to -pl.4.5.22.

 -- Christian Welzel <email address hidden>  Tue, 13 Nov 2012 12:04:00 +0100

typo3-src (4.5.19+dfsg1-3) unstable; urgency=medium


  * Added patch for TYPO3-SA-2012-5 (Closes: #692775)
  * Set patch level version to -pl.4.5.21.

 -- Christian Welzel <email address hidden>  Thu, 08 Nov 2012 22:04:00 +0100

typo3-src (4.5.19+dfsg1-2) unstable; urgency=low


  * Added rsaauth and saltedpasswords to the list of installed extensions and
    change owner and permissions of generated localconf.php in postinst.
    (Closes: 689329)

 -- Christian Welzel <email address hidden>  Wed, 10 Oct 2012 15:09:57 +0200

typo3-src (4.5.19+dfsg1-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2012-004: Several
      Vulnerabilities in TYPO3 Core" (Closes: 685011)

 -- Christian Welzel <email address hidden>  Wed, 15 Aug 2012 22:40:03 +0200

typo3-src (4.5.17+dfsg1-1) unstable; urgency=low


  * New upstream release.
  * Added all linked external resources to open_basedir.
  * Increased max_post_size to match upload_max_filesize (both 10M now)
  * Removed PHP safe_mode options as they are removed from PHP 5.4 (and
    cause errors with external resources and the TYPO3 compressor)
  * Removed E_STRICT patch for PHP 5.4 (applied upstream).

 -- Christian Welzel <email address hidden>  Thu, 05 Jul 2012 22:40:03 +0200

typo3-src (4.5.16+dfsg3-1) unstable; urgency=low


  * Remove jslint.js because of non free license.

 -- Christian Welzel <email address hidden>  Mon, 28 May 2012 16:56:48 +0200

typo3-src (4.5.16+dfsg2-1) unstable; urgency=low


  * Cleanup of build target.
  * Removes embeded swfupload and adds depend on libjs-swfupload.
  * Moved source code for multimedia players from patches to debian/contrib/
  * Moved source code for modernizr from patches to debian/contrib/
  * Remove typo3/contrib/extjs/resources/charts.swf because of missing source.
  * Added source of typo3/contrib/svgweb.
  * Build svgweb javascript from source.
  * Make get-orig-source use gzip -9.

 -- Christian Welzel <email address hidden>  Sat, 26 May 2012 09:40:17 +0200

typo3-src (4.5.16+dfsg1-1) unstable; urgency=low


  * New upstream release.
  * Fixed upstream version mangling for alpha/beta/rc upstream packages.
  * Added DM-Upload-Allowed: yes
  * Removed 0001-BUGFIX-Pagetree-broken-due-to-JavaScript-exception.patch
    (applied upstream).

 -- Christian Welzel <email address hidden>  Tue, 22 May 2012 17:00:53 +0200

typo3-src (4.5.15+dfsg1-2) unstable; urgency=low


  * Install localconf.php as localconf.php_template, and create localconf.php
    from it at install time. (Closes: 666237)
  * Added support for apache2.4, protected apache2.2 commands by check for
    apache2.2-common. (Closes: 669793, 618381)
  * Updated README.debian files. (Closes: 614140)

 -- Christian Welzel <email address hidden>  Sun, 22 Apr 2012 14:54:15 +0200

typo3-src (4.5.15+dfsg1-1) unstable; urgency=medium


  * New upstream release:
    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2012-002: Cross-Site
      Scripting Vulnerability in TYPO3 Core" (Closes: 669158)
  * Database update for field uc in be_users.
  * Added bugfix patch for TYPO3 bug #36238.
  * Added patch for errors with PHP 5.4
  * Move Homepage field to source package.
  * Added Vcs-Git, changed Vcs-Browser to point to github
  * changed Homepage field to typo3.org
  * Cleanup of watch file.
  * Added comments to lintian overrides.
  * Raised compat level to 7.
  * Deleted typo3-src-4.5.examples because its empty.
  * Removed numbering from patches, changed order to alphabetical.
  * Changed index.html files to print warning about directory listing only,
    not redirect anymore.
  * Disable directory listing globally in apache config.

 -- Christian Welzel <email address hidden>  Sat, 21 Apr 2012 12:32:23 +0200

typo3-src (4.5.14+dfsg1-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2012-001: Several
      Vulnerabilities in TYPO3 Core" (Closes: 666074)
  * Package descriptions rewritten
  * Reworked copyright file
  * Add RSA-Auth to default configuration
  * Fix description of patch 05-add-source-for-mediaplayer-swfs.patch
  * Added source for modernizr and and swfupload as debian-patches
  * Added target "get-orig-source" to rules to fetch upstream blankpackage.zip
    file and repack it to .tar.gz
  * Removed find-sql target from rules
  * Added target prepare-source to rules
  * Adopted watch file for zip download
  * Added note about creation of source package to README.source
  * Changed depend from ttf-dejavu to ttf-bitstream-vera. Adjusted symlink of
    vera.tff accordingly.
  * Refreshed patches for removed "dummy" directory.
  * Bumped standards version to 3.9.3
  * Added description to patches 07 and 08.

 -- Christian Welzel <email address hidden>  Wed, 28 Mar 2012 15:47:41 +0200

typo3-src (4.5.13+dfsg1-1) unstable; urgency=low


  * New upstream release.
  * Added Dutch debconf translation (Closes: 661129)
  * Ported patch 06-fix-im-command.patch to new class.t3lib_utility_command.php
  * Added description to patches
  * Removed embedded copy of swfobject, added depends on libjs-swfobject
  * Remove .gitignore from linkvalidator subfolder
  * Added lintian override
    typo3-dummy: init.d-script-does-not-implement-optional-option
  * Added lintian override for typo3-src-4.5: font-in-non-font-package
    (nimbus.ttf)
  * Rewritten short description of binary package typo3.

 -- Christian Welzel <email address hidden>  Sat, 17 Mar 2012 13:44:38 +0100

typo3-src (4.5.11+dfsg1-1) unstable; urgency=low


  * New upstream release.
  * Changed symlink of prototype.js to point to prototype-1.js instead
    of prototype-1.6.js (Closes: 651128)

 -- Christian Welzel <email address hidden>  Sat, 11 Feb 2012 21:51:10 +0100

typo3-src (4.5.10+dfsg1-1) unstable; urgency=medium


  * New upstream release:
   - fixes regression introduced with last update.

 -- Christian Welzel <email address hidden>  Sat, 24 Dec 2011 14:00:00 +0100

typo3-src (4.5.9+dfsg1-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2011-004: Remote
      Code Execution in TYPO3 Core" (Closes: #652365)

 -- Christian Welzel <email address hidden>  Fri, 16 Dec 2011 20:00:00 +0100

typo3-src (4.5.8+dfsg1-1) unstable; urgency=medium


  * New upstream release.
  * Adopted patch 02-dummy-defaults.patch to new localconf.php.
  * Removed unused lintian override "embedded-php-library".
  * Added build-arch to build-indep rules.
  * Raised standards version to 3.9.2

 -- Christian Welzel <email address hidden>  Thu, 13 Dec 2011 20:00:00 +0100

typo3-src (4.5.6+dfsg1-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2011-002: Potential
      SQL injection vulnerability in TYPO3 Core" (Closes: 641682)
    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2011-003: Improper error
      handling could lead to cache flooding in TYPO3 Core" (Closes: 641683)

 -- Christian Welzel <email address hidden>  Thu, 15 Sep 2011 10:00:00 +0100

typo3-src (4.5.4+dfsg1-1) unstable; urgency=high
  * New upstream release:    - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple      vulnerabilities in TYPO3 Core" (Closes: 635937)  * Adopted patch 02-dummy-defaults.patch to new localconf.php.  * Removed typo3-dummy.examples, because its empty now. -- Christian Welzel <email address hidden>  Fri, 29 Jul 2011 20:00:00 +0100

typo3-src (4.5.3+dfsg1-1) unstable; urgency=low
  * New upstream release.  * Patches refreshed.  * debian/rules: set correct permissions for cron script. -- Christian Welzel <email address hidden>  Wed, 1 Jun 2011 22:00:00 +0100

typo3-src (4.5.2+dfsg1-1) unstable; urgency=low
  * New upstream release.  * Moved php5-xcache to Recommends and added php-apc as alternative.  * Removed 07-fix-beforeWrap-of-TMENU.patch (now included in upstream).  * Removed swiftmailer from typo3/contrib, added depend on libphp-swiftmailer.  * Added /usr/share/php/Swift/ to open_basedir in apache config. -- Christian Welzel <email address hidden>  Wed, 2 Mar 2011 22:00:00 +0100

typo3-src (4.5.0+dfsg1-3) unstable; urgency=low
  * Fix spelling error (Closes: 611482)  * Add patch to enable beforeWrap on TMENU (Closes: 606740) -- Christian Welzel <email address hidden>  Sun, 30 Jan 2011 22:00:00 +0100

typo3-src (4.5.0+dfsg1-2) unstable; urgency=low
  * Fix encoding of Swedish debconf translation    (Christian Perrier <email address hidden>).  * Removed mistakenly doubled content in mysql file (Closes: 611386).  * Add apache2.2-common to recommends. (Closes: #611387) -- Christian Welzel <email address hidden>  Sat, 29 Jan 2011 14:00:00 +0100

typo3-src (4.5.0+dfsg1-1) unstable; urgency=low
  * New upstream release.  * Removed dummy/misc from rules and typo3-src.examples  because its missing    in upstream.  * Removed plupload from copyright and rules (removed by upstream). -- Christian Welzel <email address hidden>  Sat, 15 Jan 2011 14:00:00 +0100

typo3-src (4.3.9+dfsg1-1) unstable; urgency=high
  * New upstream release:    - fixes: "TYPO3 Security Bulletin TYPO3-SA-2010-022: Multiple      vulnerabilities in TYPO3 Core" (Closes: 607286)  * Added source for player.swf and flvplayer.swf (see #591969).  * Corrected watch file.  * Added rule "dfsg" to rules to remove non free files. -- Christian Welzel <email address hidden>  Thu, 16 Dec 2010 22:00:00 +0100

typo3-src (4.3.8+dfsg1-2) unstable; urgency=low
  * Fixed wrong code removal from last version. -- Christian Welzel <email address hidden>  Fri, 28 Nov 2010 22:00:00 +0200

typo3-src (4.3.8+dfsg1-1) unstable; urgency=low
  * Removed typo3/contrib/jsmin/jsmin.php because of non free license    (Closes: 602250)  * Added notice about license of qtobject.js to copyright file.  * Added README.source. -- Christian Welzel <email address hidden>  Fri, 26 Nov 2010 22:00:00 +0200

typo3-src (4.3.8-1) unstable; urgency=medium


  * New upstream release:
    - fixes a regression introduced during last upstream release.

 -- Christian Welzel <email address hidden>  Wed, 13 Oct 2010 22:00:00 +0200

typo3-src (4.3.7-1) unstable; urgency=high


  * New upstream release:
    - fixes: "TYPO3 Security Bulletin TYPO3-SA-2010-020: Multiple
      vulnerabilities in TYPO3 Core" (Closes: 599334)
  * raised standards version to 3.9.1

 -- Christian Welzel <email address hidden>  Fri, 08 Oct 2010 22:00:00 +0200

typo3-src (4.3.5-1) unstable; urgency=high


  * New upstream release:
    - Fixes some regressions introduced in 4.3.4

 -- Christian Welzel <email address hidden>  Fri, 06 Aug 2010 22:00:00 +0200

typo3-src (4.3.3-2) unstable; urgency=low


  * Moved source format from "1.0" to "3.0 (quilt)".
  * Removed README.source.
  * Removed dpatch system.
  * Moved debian/patches/00list to debian/patches/series, modified it.
  * Moved debian/patches/*.dpatch to debian/patches/*.patch, removed
    dpatch specific code.
  * Changed dependency "libapache2-mod-php5 | php5-cgi" to "php5"

 -- Christian Welzel <email address hidden>  Wed, 05 May 2010 17:27:41 +0200

typo3-src (4.3.2-1) unstable; urgency=high


  * New upstream release:
    - fixes "TYPO3 Security Bulletin TYPO3-SA-2010-004: Multiple
      vulnerabilities in TYPO3 Core" (Closes: 571151)

 -- Christian Welzel <email address hidden>  Wed, 24 Feb 2010 22:00:00 +0100

typo3-src (4.3.1-2) unstable; urgency=low


  * fixed wrong link to prototype javascript library (Closes: 561095)
  * raised standards version to 3.8.4

 -- Christian Welzel <email address hidden>  Sat, 13 Feb 2010 15:00:00 +0100

typo3-src (4.3.1-1) unstable; urgency=high


  * New upstream release:
    - fixes "TYPO3 Security Bulletin TYPO3-SA-2010-001: Authentication
      Bypass in TYPO3 Core" (Closes: 567163)
  * fixed spelling error in typo3-database.README.Debian.

 -- Christian Welzel <email address hidden>  Fri, 29 Jan 2010 18:00:00 +0100

typo3-src (4.3.0-1) unstable; urgency=low


  * New upstream release.
  * Fixed "dpkg-gencontrol: Warnung: relation > is deprecated: use >> or >=".
  * debian/rules: Added target find-sql to get a list of important sql-files.
    (needed for maintainance only)
  * debian/mysql: SQL commands for populating mysql don't include help texts 
    anymore, to make the package smaller. They can be imported with the TYPO3
    database-assistant.

 -- Christian Welzel <email address hidden>  Thu, 03 Dec 2009 22:00:00 +0100

typo3-src (4.2.10-1) unstable; urgency=high


  * New upstream release.
    - fixes "TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple
      vulnerabilities in TYPO3 Core" (Closes: 552020)

 -- Christian Welzel <email address hidden>  Thu, 22 Oct 2009 22:00:00 +0100

typo3-src (4.2.9-1) unstable; urgency=low


  * New upstream release.

 -- Christian Welzel <email address hidden>  Mon, 12 Oct 2009 22:00:00 +0100

typo3-src (4.2.8-1) unstable; urgency=low


  * New upstream release.

 -- Christian Welzel <email address hidden>  Sat, 04 Jul 2009 17:00:00 +0100

typo3-src (4.2.6-1) unstable; urgency=high


  * New upstream release.
    - fixes TYPO3 Security Bulletin TYPO3-SA-2009-002: Information
      disclosure and XSS vulnerabilities in TYPO3 (Closes: 514713)

 -- Christian Welzel <email address hidden>  Mon, 10 Feb 2009 12:00:00 +0100

typo3-src (4.2.5-1) unstable; urgency=high


  * New upstream release.
    - fixes a serious bug in session handling with not logged in FE-Users.

 -- Christian Welzel <email address hidden>  Mon, 26 Jan 2009 20:00:00 +0100

typo3-src (4.2.4-1) unstable; urgency=high


  * New upstream release.
    - fixes TYPO3 Security Bulletin TYPO3-SA-2009-001: Multiple vulnerabilities
      in TYPO3 Core (Closes: 512608)
  * Updated package description.
  * Updated copyright file to list the license of two icons.

 -- Christian Welzel <email address hidden>  Thu, 22 Jan 2009 12:00:00 +0100

typo3-src (4.2.3-1) unstable; urgency=high


  * New upstream release.
    - fixes XSS vulnerability in Typo3 backendmodul "fileadmin" (Closes: 505324)
    - fixes XSS vulnerability in Typo3 sysext "felogin" (Closes: 505325)
    - fixes the passwords are not changeable bug in the backend (Closes: 505326)
  * added dependency on libjs-scriptaculous

 -- Christian Welzel <email address hidden>  Tue, 11 Nov 2008 20:00:00 +0100

typo3-src (4.2.2-1) unstable; urgency=low


  * New upstream release.

 -- Christian Welzel <email address hidden>  Thu, 09 Oct 2008 15:00:00 +0200