Roland Mas wrote: > Hi, > > I just uploaded a new version of gforge, with the following changes: > > * More input sanitisation, fixing more cross-site scripting > vulnerabilities. Again, security implications cause the high urgency. > * Also, make sure that the registration procedure happens over SSL. > * New debconf templates translations, thanks to Jacobo Tarrio > <jtarrio@trasno.net> for Galician (closes: #412917), Miroslav Kure > <kurem@upcase.inf.upol.cz> for Czech (closes: #409655), and Ricardo > Silva <ardoric@gmail.com> for Portuguese (closes: #413750). > * Stopped enabling pgsql.so and gd.so in php.ini, since they're enabled > in separate files by the respective packages. > > I guess the last item warrants some explanation: php4 modules are > now enabled by default (each package ships a .ini file with the > appropriate "extension=foo.so" magic); gforge previously contained > code to add that magic line to php.ini (with the user's permission, of > course). In the case of the pgsql extension at least, loading the > module twice made it cease to work, with a confusing error message. > Removing the extra invocation fixes the problem. > > I'd like to request a freeze exception for that package. This revision introduces the following directory which I assume shouldn't be included? If so, please remove it in a new upload. ,,commit.gforge--debian--4.5--patch-31--lolando@users.alioth.debian.org--bazaar-0.1173259385.14756.11 Cheers Luk -- Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D Fingerprint: D5AF 25FB 316B 53BB 08E7 F999 E544 DE07 9B7C 328D
Attachment:
signature.asc
Description: OpenPGP digital signature