diff --git a/ChangeLog b/ChangeLog index 7167b8d5..2dfc002f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2019-12-06 Florian Schlichting + * use foreach() instead of deprecated each() (fixes #190) + * HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings + +2019-12-06 Niels van Gijzen + * Fix CSRF not being checked in collection-edit.php + 2019-11-29 Niels van Gijzen * Correct reflected cross-site scripting (XSS) vulnerability * Correct persistent XSS vulnerability in user/group/resource details diff --git a/VERSION b/VERSION index 45046ec1..61522dda 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.9.1 +1.1.9.2 diff --git a/debian/changelog b/debian/changelog index ad86cff6..e8600d80 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +davical (1.1.9.2-1) unstable; urgency=medium + + * New upstream release (closes: #934106) + + fixes CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 (closes: #946343) + * Drop dependency on rst2pdf to clear the blocker for testing migration + * Use debian-compat dependency, level 12 + * Put API documentation into davical directory (instead of davical-doc), as + has been suggested by policy for a while + * Fix capitalization on Vcs- fields + * Declare compliance with Debian Policy 4.4.1 + * Add a basic upstream metadata file, as suggested by the Debian Janitor + + -- Florian Schlichting Thu, 12 Dec 2019 00:20:46 +0800 + davical (1.1.8-1) unstable; urgency=medium * New upstream release diff --git a/debian/compat b/debian/compat deleted file mode 100644 index ec635144..00000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -9 diff --git a/debian/control b/debian/control index 0f45befe..cd045aeb 100644 --- a/debian/control +++ b/debian/control @@ -4,17 +4,16 @@ Priority: optional Maintainer: Davical Development Team Uploaders: Andrew McMillan , Florian Schlichting -Standards-Version: 4.3.0 -Build-Depends: debhelper (>= 9), +Standards-Version: 4.4.1 +Build-Depends: debhelper-compat (= 12), dh-exec, jdupes, libawl-php (>= 0.60-1~), libawl-php (<< 0.61), gettext, doxygen, - php-cli | php5-cli, - rst2pdf -Vcs-git: https://gitlab.com/davical-project/davical.git -Vcs-browser: https://gitlab.com/davical-project/davical + php-cli | php5-cli +Vcs-Git: https://gitlab.com/davical-project/davical.git +Vcs-Browser: https://gitlab.com/davical-project/davical Homepage: https://www.davical.org/ Package: davical diff --git a/debian/davical-doc.doc-base.api b/debian/davical-doc.doc-base.api index aef7a3a8..236fe814 100644 --- a/debian/davical-doc.doc-base.api +++ b/debian/davical-doc.doc-base.api @@ -8,5 +8,5 @@ Abstract: Technical documentation for DAViCal documentation details the classes and methods in die DAViCal programs. Format: HTML -Index: /usr/share/doc/davical-doc/api/index.html -Files: /usr/share/doc/davical-doc/api/*.html +Index: /usr/share/doc/davical/api/index.html +Files: /usr/share/doc/davical/api/*.html diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 00000000..2f85a3b6 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,2 @@ +Repository: https://gitlab.com/davical-project/davical.git +Repository-Browse: https://gitlab.com/davical-project/davical diff --git a/htdocs/always.php b/htdocs/always.php index 9ecf4247..d3e343e1 100644 --- a/htdocs/always.php +++ b/htdocs/always.php @@ -287,7 +287,7 @@ if ( function_exists('awl_set_locale') ) { */ $c->code_version = 0; $c->want_awl_version = '0.60'; -$c->version_string = '1.1.9.1'; // The actual version # is replaced into that during the build /release process +$c->version_string = '1.1.9.2'; // The actual version # is replaced into that during the build /release process if ( isset($c->version_string) && preg_match( '/(\d+)\.(\d+)\.(\d+)(.*)/', $c->version_string, $matches) ) { $c->code_major = $matches[1]; $c->code_minor = $matches[2];