elog (2.9.2+2014.05.11git44800a7-2) unstable; urgency=low

  * debian/control:
    - fckeditor is no longer required but only suggested
    - Standards-Version to 3.9.6

 -- Roger Kalt <roger.kalt@gmail.com>  Thu, 23 Oct 2014 20:00:00 +0200

elog (2.9.2+2014.05.11git44800a7-1) unstable; urgency=low

  * Reintroduction into Debian (Closes: #748800)
  * New upstream release grabbed from git repository
  * KRB5 Kerberos authentication and SSL are enabled in the Debian binaries

 -- Roger Kalt <roger.kalt@gmail.com>  Sun, 11 May 2014 19:49:51 +0200

elog (2.6.3+r1764-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix bashism in postinst script (Closes: #472224)
  * debian/control:
    - Bump Standards-Version to 3.7.3.
    - Use Homepage: field for upstream URL.

 -- Chris Lamb <chris@chris-lamb.co.uk>  Sat, 12 Apr 2008 04:28:55 +0100

elog (2.6.3+r1764-1) unstable; urgency=low

  * New upstream release grabbed from Subversion (r1764).

 -- Recai Oktaş <roktas@debian.org>  Wed, 29 Nov 2006 01:36:26 +0200

elog (2.6.2+r1754-1) unstable; urgency=low

  * New upstream release grabbed from Subversion (r1754), includes
    fixes for a bunch of security issues[1]:
    + Fixes from Ulf Harnhammar (Debian Security Audit Project):
      - There are some incorrect handling of *printf() calls and format
        strings. They lead to ELOG crashing completely, with the potential
        of executing arbitrary machine code programs, when a user uploads
        and submits as the first attachment in an entry a file called
        "%n%n%n%n" - or similar - which must not be empty.
      - There is a Cross-site Scripting issue when requesting correctly
        named but non-existant files for downloading.
      - There are also Cross-site Scripting issues when creating new
        entries with New. If a document sends data to ELOG where the fields
        Type and Category contain invalid entries with HTML code, the
        resulting error document will print the Type or Category data as-is
        with no quoting.
    + Fixes from OS2A team (credits go to Jayesh KS and Arun Kethipelly):
      - Remote exploitation of a denial of service vulnerability in ELOG's
        elogd server allows attackers to crash the service, thereby
        preventing legitimate access.  (Closes: #397875)
    [1] Leaving #392016 open for the reasons stated in that report.

 -- Recai Oktaş <roktas@debian.org>  Sat, 11 Nov 2006 19:47:39 +0200

elog (2.6.2+r1719-1) unstable; urgency=critical

  * Urgency set to critical because of the security issues.
  * New upstream release grabbed from Subversion (r1719).
    + Fix an XSS vulnerability, which occurs when editing a log entry
      in HTML mode.  (Closes: #389361)

 -- Recai Oktaş <roktas@debian.org>  Thu, 28 Sep 2006 01:36:38 +0300

elog (2.6.1+r1695-0unofficial) unstable; urgency=low

  * Improve README.Debian, (thanks K. David Prince).
  * New upstream release.

 -- Recai Oktaş <roktas@debian.org>  Thu,  6 Jul 2006 14:54:48 +0300

elog (2.6.1+r1642-1) unstable; urgency=critical

  * New upstream release grabbed from Subversion (r1642).
    + Really fix the security issue CVE-2005-4439.
  * Sigh!  Previous upload has some flaws:
    + Install elcode.js and other resoure files.  ElCode editor buttons
      should work now (thanks K. David Prince).
    + debian/update: Modify it to catch such sort of errors.
    + Really remove debian/watch.
    + Fix the pbuilder DEBEMAIL field which made the previous upload appear 
      as an NMU.
  * Add a Debian spesific note about the usage of password files in Elog.
  * Urgency set to critical for security fix.

 -- Recai Oktaş <roktas@debian.org>  Fri, 27 Jan 2006 10:27:44 +0200

elog (2.6.1+r1638-1) unstable; urgency=critical

  * New upstream release grabbed from Subversion (r1638).  Fix serious 
    security bugs (thanks to Florian Weimer).  (Closes: #349528)
    + "Do not distinguish between invalid user name and invalid password
       for security reasons"
    + "Fixed infinite redirection with ?fail=1"
    + "Prohibit '..' in URLs" [CVE-2006-0347]
    + "Fixed potential buffer overflows" [CVE-2005-4439]
    + "Added IP address to log file"
  * Urgency set to critical because of the security issues.
  * Upstream code has been migrated to Subversion.  Change package naming 
    scheme so as to track Subversion releases, instead of CVS.
  * Use Subversion exports as pristine sources directly.  In the older 
    versions, we used to rely on the upstream's build script.
  * debian/postrm: Purge cleanly even no logbook has been created.  This 
    situation occurs, for example, when elog is tested with piuparts.  It's 
    because, in fact, elogd can not dynamically create logbooks/demo in 
    postinst stage.  (Closes: #339958)
  * debian/control: Bump Standarts-Version to 3.6.2.
  * debian/rules: Add -lutil to LIBS.
  * debian/update: New utility for easy updates. 
  * debian/watch: Remove unneeded file.

 -- Recai Oktaş <roktas@debian.org>  Thu, 26 Jan 2006 21:45:44 +0200

elog (2.6.0beta2+r1716-1) unstable; urgency=low

  * New upstream beta release with the latest changes from CVS (r1.1716).
    + Features a simple markup called ELCode, a special set of tags to
      format an ELOG entry.  The ELCode tags are similar to the BBCode
      tags (phpBB), sometimes also referred as vB code.
  * Add Turkish ELOG translation.
  * Apply a patch to suppress GCC4-related signedness warnings.
  * debian/control:
    + Bump Standarts-Version to 3.6.2.
    + Rewrite description; needs a proof-read by a native English speaker.
  * debian/copyright: Clarify the copyright.
  * debian/rules:
    + Switch to dephelper compat 4.
    + Get rid of multiple dh_installs by using an '.install' file.
    + Remove the redundant INSTALL_PROGRAM logic.

  [These issues were pointed out by Marc 'HE' Brockschmidt; thanks Marc!]

 -- Recai Oktaş <roktas@omu.edu.tr>  Mon, 25 Jul 2005 13:36:09 +0300

elog (2.5.9+r1674-1) unstable; urgency=high

  * Latest upstream from CVS (r1.674).
    + Includes the fix for a buffer overflow: r1.648.
    + See CVS logs for all changes:
    	http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Urgency set to high because of the security issue.
  * Remove redundant debian/dirs file.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sun, 29 May 2005 19:53:50 +0300

elog (2.5.9+r1646-1) unstable; urgency=high

  * New upstream release with the latest changes from CVS (r1.646).
    + Includes the fix for a possible buffer overflow.
    + See CVS logs for all changes:
    	http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Urgency set to high because of the security issue.

 -- Recai Oktaş <roktas@omu.edu.tr>  Wed,  4 May 2005 11:46:43 +0300

elog (2.5.8+r1637-1) unstable; urgency=low

  * New upstream release with the latest changes from CVS (r1.637).
    See CVS logs for changes:
    	http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Add a few contributed scripts and documents:
    + Script for thumbnails creation.
    + Document which explains the steps for securing ELOG using SSL
      and Apache.
  * Minor changes in description.  This needs a proof-read.
  * Move example files in debian to debian/examples subdirectory.
  * debian/postinst: Fix welcome message.

 -- Recai Oktaş <roktas@omu.edu.tr>  Wed, 27 Apr 2005 09:40:12 +0300

elog (2.5.7+r1558-1) unstable; urgency=high

  * Latest upstream from CVS (r1.528):
    + Security update. Resolves the following issues:
      CAN-2005-0439: buffer overflow.
      CAN-2005-0440: authentication bypass to download sensitive data.
    + Fixes for a bunch of other bugs.  (Closes: #294498)

 -- Recai Oktaş <roktas@omu.edu.tr>  Mon, 14 Feb 2005 18:36:39 +0200

elog (2.5.6+r1548-1) unstable; urgency=low

  * New upstream plus latest fixes from CVS (r1.526).

 -- Recai Oktaş <roktas@omu.edu.tr>  Wed, 26 Jan 2005 10:12:45 +0200

elog (2.5.5+r1526-1) unstable; urgency=medium

  * Latest upstream from CVS (r1.526).  (Closes: #285832, #285834)
  * Update elogd(8) and elog(1) for the new options.
  * Minor doc fix for elogd.c.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sun, 26 Dec 2004 16:37:10 +0200

elog (2.5.5+r1517-1) unstable; urgency=low

  * Latest upstream from CVS (r1.4517).  See CVS logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c
  * Upstream Makefile didn't inherite the CFLAGS in debian/rules, apply a
    patch for the problem which will probably be included in the next upstream
    commits.

  * debian/postrm: Fix a potential bug.

 -- Recai Oktaş <roktas@omu.edu.tr>  Mon,  6 Dec 2004 01:08:29 +0200

elog (2.5.4+r1480-1) unstable; urgency=low

  * Latest upstream from CVS (r1.480).  See CVS logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

 -- Recai Oktaş <roktas@omu.edu.tr>  Thu, 23 Sep 2004 04:19:22 +0300

elog (2.5.4+r1478-1) unstable; urgency=low

  * Latest upstream from CVS (r1.478).  See CVS logs for changes:
    http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

 -- Recai Oktaş <roktas@omu.edu.tr>  Sun, 19 Sep 2004 15:07:05 +0300

elog (2.5.4+r1459-1) unstable; urgency=high

  * debian/rules: Fix the serious bug which assigns a string value to
    DEFAULT_PORT, instead of an integer.  This stupid bug also gives an
    FTBFS on ia64 which helps me to notice it, my bad.
  * Urgency set to high because of the serious bug.
  * Grab the latest upstream from CVS (r1.459): Fix some memory leaks.
  * Reflect the grabbed version to upstream source name.
  * debian/postinst:
    + Use canonical code for daemon start, make sure to return true in 
      an effort to make the installation more robust.
    + Remove some Bashism.
  * debian/prerm:
    + Use canonical code for daemon stop, make sure to return true.
    + Remove some Bashism.
  * debian/postrm: Return true when removing the init script.

 -- Recai Oktaş <roktas@omu.edu.tr>  Thu, 12 Aug 2004 01:46:53 +0300

elog (2.5.4-1) unstable; urgency=low

  * New upstream release (Closes: #258638).  Some highlights:
    + Supports remote side logbook cloning.
    + Uses syslog for all messages when running as a daemon.
  * Apply the post 2.5.4 changes from CVS (r1.450).
  * Recode the maintainer name as UTF-8 in all relevant files.
  * debian/rules: Change CFLAGS to make use of the new CONFIG_PATH/CFGFILE.
  * debian/init.d:
    + Set per option variables instead of a single ARGS variable when 
      sourcing /etc/default/elog.
    + Check pid file to report startup errors.
  * debian/README.Debian: Update for the new /etc/default/elog handling.
  * debian/control:
    + Rewrite description.
    + Bump Standarts-Version to 3.6.1.
  * debian/watch: Change to version 2 style.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sun, 08 Aug 2004 02:21:05 +0300

elog (2.5.1-1) unstable; urgency=low

  * New upstream release.
  * README.Debian: Improved.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sat, 21 Feb 2004 01:42:52 +0200

elog (2.5.0-3) unstable; urgency=low

  * doc/contrib: New directory for contributed files.
  * doc/examples/elog-webnotes.conf: New example configuration.
  * debian/postinst: Remove some obsolete code.

 -- Recai Oktaş <roktas@omu.edu.tr>  Fri,  6 Feb 2004 21:13:48 +0200

elog (2.5.0-2) unstable; urgency=low

  * Cosmetic changes.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sun,  1 Feb 2004 04:28:52 +0200

elog (2.5.0-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Thu, 29 Jan 2004 20:08:15 +0200

elog (2.4.1-1) unstable; urgency=low

  * New upstream release.
  * Cosmetic changes.

 -- Recai Oktaş <roktas@omu.edu.tr>  Tue, 27 Jan 2004 01:48:59 +0200

elog (2.3.9-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Thu, 17 Jul 2003 16:06:09 +0300

elog (2.3.8-1) unstable; urgency=low

  * New upstream release.
  * debian/postinst: Remove a temporary file creation using the new
    piping feature of 'elog'.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sat,  7 Jun 2003 16:36:43 +0300

elog (2.3.7-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Thu, 15 May 2003 18:18:28 +0300

elog (2.3.6-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Fri, 25 Apr 2003 17:56:16 +0300

elog (2.3.5-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Wed,  9 Apr 2003 15:30:04 +0300

elog (2.3.4-1) unstable; urgency=low

  * New upstream release.
  * debian/prerm: New file.
  * debian/rules: Changed 'dh_installinit' call.
  * debian/postinst: Fixed -- daemon was not restarted after an upgrade.

 -- Recai Oktaş <roktas@omu.edu.tr>  Fri,  4 Apr 2003 02:30:55 +0300

elog (2.3.3-2) unstable; urgency=low

  * Fix documentation and upgrade notice to prevent confusions.

 -- Recai Oktaş <roktas@omu.edu.tr>  Mon, 17 Mar 2003 00:47:47 +0200

elog (2.3.3-1) unstable; urgency=low

  * New upstream release.
  * Compile with FHS compliant defaults.
  * Create user/group 'elog' to run under.
  * Update init script to utilize the compiled defaults.
  * Rewrite the install scripts to conform upstream changes.
  * Improve free port search.
  * Remove '/etc/default/elog' (keep the support for it, though).
  * Remove 'dpkg-statoverride' support (which seems irrevelant).
  * Remove 'prerm' script.
  * Add new config examples.
  * Add a notice for upgrade.
  * Fix a few bugs in 'postrm'.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sun, 16 Mar 2003 16:35:35 +0200

elog (2.3.1-1) unstable; urgency=low

  * New upstream release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Fri, 21 Feb 2003 18:54:51 +0200

elog (2.3.0-1) unstable; urgency=low

  * New upstream.
  * Add doc-base entry for ELOG manual.
  * Submit a welcome message for the first time users.
  * Add support for 'dpkg-statoverride'.
  * Assign the logbooks to group 'elog' as sgid.
  * Automatically find a free port for daemon.
  * Massive rearrangements in scripts.

 -- Recai Oktaş <roktas@omu.edu.tr>  Sat,  8 Feb 2003 00:22:56 +0200

elog (2.2.5-1) unstable; urgency=low

  * Initial release.

 -- Recai Oktaş <roktas@omu.edu.tr>  Fri, 10 Jan 2003 02:04:10 +0200

