Increase priority

[debian/mod-auth-mysql] / debian / changelog

mod-auth-mysql (4.3.9-11) unstable; urgency=medium

  * Change section web to net
  * Bumped standards version
  * Fix CVE-2008-2384: Encode strings securely via
    mysql_real_escape_string [013-CVE-2008-2384_charset.dpatch]

 -- Joey Schulze <joey@infodrom.org>  Wed, 21 Jan 2009 18:58:04 +0100

mod-auth-mysql (4.3.9-10) unstable; urgency=low

  * Document disabling BasicAuth and basic group file in USAGE
    [011-auth_basic.dpatch] (closes: Bug#502895, Bug#382242)
  * Add support for specifying the connection character set via
    Auth_MySQL_CharacterSet [012-charset.dpatch] (closes: Bug#356530)

 -- Joey Schulze <joey@infodrom.org>  Fri, 21 Nov 2008 17:07:25 +0100

mod-auth-mysql (4.3.9-9) unstable; urgency=low

  * Insert the copyright notice with names and note patches coming from
    the Debian community

 -- Joey Schulze <joey@infodrom.org>  Wed, 21 May 2008 07:55:27 +0200

mod-auth-mysql (4.3.9-8) unstable; urgency=low

  * New maintainer (closes: Bug#407360)
  * New source package name
  * Clarified history and license
  * Improve documentation wrt. Auth_MySQL_Group_Field [005-directives.dpatch]
  * Properly set unsigned char (i.e. 1-byte int) config variables, patch
    by Adrian Bridgett <adrian@smop.co.uk> [006-options.dpatch]
    (closes: Bug#287160,  Bug#385679, Bug#393769)
  * Stop altering the AUTH_MYSQL_VERSION with an old Debian revision
    [002-mysql_define]
  * Unify AuthMySQL_ and Auth_MySQL_ namespace [007-unify_namespace.dpatch]
  * Adjust the buffer size used by make_scrambled_password()
    [008-make_scrambled_password.dpatch] (closes: Bug#356064, Bug#346192,
    Bug#346194)
  * Adjust config parser data type for _Port to int, thanks to Lehel
    Bernadt <lehel@pmc-services.hu> [009-port-int.dpatch] (closes: Bug#356147)
  * Provide an Apache authentication method, thanks to Andreas Barth
    <aba@not.so.argh.org> [010-enctype-apache.dpatch] (closes: Bug#287547)

 -- Joey Schulze <joey@infodrom.org>  Thu, 15 May 2008 14:50:06 +0200

libapache-mod-auth-mysql (4.3.9-7) unstable; urgency=low

  * QA upload.
  * And actually add 004-reconnect.dpatch to debian/patches/00list...
    Thanks to Martin Schulze.

 -- Matej Vela <vela@debian.org>  Wed, 27 Feb 2008 16:05:31 +0100

libapache-mod-auth-mysql (4.3.9-6) unstable; urgency=low

  * QA upload.
  * debian/rules: Gah, don't break if the Makefile isn't there.
    Closes: #465630.

 -- Matej Vela <vela@debian.org>  Wed, 13 Feb 2008 19:25:22 +0100

libapache-mod-auth-mysql (4.3.9-5) unstable; urgency=low

  * QA upload.
  * debian/patches/004-reconnect.dpatch: Automatically re-establish
    connections with MySQL 5.0.3+.  Thanks to Johann Glaser for the patch.
    Closes: #420010.
  * debian/rules: Let dh_strip handle DEB_BUILD_OPTIONS=nostrip.
    Closes: #437310.
  * debian/rules: Remove support for DEB_BUILD_OPTIONS=debug.
  * debian/rules: Don't ignore errors from `make distclean'.
  * Conforms to Standards version 3.7.3.

 -- Matej Vela <vela@debian.org>  Tue, 12 Feb 2008 15:55:39 +0100

libapache-mod-auth-mysql (4.3.9-4) unstable; urgency=low

  * QA upload.
  * Stop building libapache-mod-auth-mysql (Closes: #429104)
  * Remove B-D on apache-dev
  * Lets set DH_COMPAT in debian/compat, not debian/rules
  * Update debian/rules not to build the apache13 module anymore.
  * Conforms with latest Standards Version 3.7.2

 -- Michael Ablassmeier <abi@debian.org>  Tue, 19 Jun 2007 11:09:00 +0200

libapache-mod-auth-mysql (4.3.9-3) unstable; urgency=medium

  * QA Upload
  * Set maintainer to Debian QA Group <packages@qa.debian.org>.
  * apache2 module depends now on apache2.2-common.
  * Removed the ,,changes* directories from the diff.gz.
  * Use now make distclean instead of make clean in debian/rules.
  * Build-depend now on dpatch.
  * Build-depend now on debhelper 5 instead of 4.
  * Converted the patches to dpatch.
  * Applied a patch to fix FTBFS against apache2.2 (Closes: #389579).
    Thanks to Julian Calaby for the patch.

 -- Mario Iseli <admin@marioiseli.com>  Sun, 11 Feb 2007 14:04:10 +0100

libapache-mod-auth-mysql (4.3.9-2.1) unstable; urgency=medium

  * Non-maintainer upload.
    Rebuild against libmysqlclient15. Closes: #343771 

 -- Christian Hammers <ch@debian.org>  Tue, 21 Feb 2006 21:43:01 +0100

libapache-mod-auth-mysql (4.3.9-2) unstable; urgency=low

  * Rebuild for libmysqlclient12.  Closes: #298671.
  * Clarify USAGE for md5 passwords.  Closes: #298071.

 -- Matthew Palmer <mpalmer@debian.org>  Thu, 10 Mar 2005 08:48:03 +1100

libapache-mod-auth-mysql (4.3.9-1) unstable; urgency=low

  * New upstream release, which codifies the way that multiple require
    statements are meant to work.

 -- Matthew Palmer <mpalmer@debian.org>  Fri, 24 Dec 2004 00:30:40 +1100

libapache-mod-auth-mysql (4.3.8-1) unstable; urgency=low

  * Now converted to a non-native package, as I've got a user who is not a
    Debianite.
  * Fixed the configure script to properly detect whether libcrypt needs to
    be a separate library.
  * Guarded all instances of CRYPT_DES_ENCRYPTION_FLAG, so you can build the
    module without crypt() being present.

 -- Matthew Palmer <mpalmer@debian.org>  Fri,  5 Nov 2004 22:07:14 +1100

libapache-mod-auth-mysql (4.3.7) unstable; urgency=low

  * Added a new encryption type, SHA1Sum, using a patch kindly prepared by
    Joseph Walton.  Closes: #271730.

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 20 Sep 2004 10:26:41 +1000

libapache-mod-auth-mysql (4.3.6) unstable; urgency=high

  * Fixed a security bug where an error in the execution of
    mysql_check_group() causes the group check to succeed.  Closes: #271721.
    Thanks to Joseph Walton for finding the problem and providing a patch.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 15 Sep 2004 10:59:26 +1000

libapache-mod-auth-mysql (4.3.5) unstable; urgency=high

  * High urgency on the request of Adam Conrad to try and get Apache2
    through for Sarge.
  * Rebuild to back out the ill-fated apache2 LFS transition (so much for
    comprehensive testing...) Closes: #267354.
  * Bumped the apache2-*-dev build-dep and apache2 dep to >= 2.0.50-10.

 -- Matthew Palmer <mpalmer@debian.org>  Sun, 22 Aug 2004 21:08:58 +1000

libapache-mod-auth-mysql (4.3.4) unstable; urgency=medium

  * Rebuild to support new Apache2 ABI.  Closes: #266177.

 -- Matthew Palmer <mpalmer@debian.org>  Tue, 17 Aug 2004 10:01:34 +1000

libapache-mod-auth-mysql (4.3.3) unstable; urgency=low

  * Really fixed the multi-group checking.  Seems I put the "you're not
    invited" return at the wrong scope.  Where's my dwim() function, dammit.
    Closes: #257879 (I promise).

 -- Matthew Palmer <mpalmer@debian.org>  Fri, 13 Aug 2004 00:23:02 +1000

libapache-mod-auth-mysql (4.3.2) unstable; urgency=low

  * Fixed multi-group checking; if multiple groups are listed in the
    'require group' directive, the code only checked for the first one.
    Thanks to Karsten Richter for finding the bug and fixing it.
    Closes: #257879.
  * Cleaned up a define and associated bits to allow compilation under
    gcc-2.95.  And we didn't even need a versioned build-depends.
    Closes: #258030.

 -- Matthew Palmer <mpalmer@debian.org>  Fri,  6 Aug 2004 20:19:43 +1000

libapache-mod-auth-mysql (4.3.1) unstable; urgency=low

  * Determined that safe_mysql_query() wasn't retrying on some retryable
    errors, and fixed it up so that it retries once if the server wandered
    off before we started.  Closes: #255985.

 -- Matthew Palmer <mpalmer@debian.org>  Sun, 27 Jun 2004 21:34:59 +1000

libapache-mod-auth-mysql (4.3.0) unstable; urgency=low

  * Two new directives, Auth_MySQL_DefaultPort and Auth_MySQL_DefaultSocket. 
  * Related to the above, the specification of port or socket as part of the
    hostname is no longer permitted.  Hopefully nobody got too attached to
    that, as it wasn't documented as such anyway.
  * Straightened out various bits of twisty code.
  * Removed the crazy host/port/socket parsing code which (I believe) was
    causing all the screwed up hostname grief.  Closes: #251704.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 16 Jun 2004 17:39:10 +1000

libapache-mod-auth-mysql (4.2.1) unstable; urgency=low

  * Added some directives to the Apache2 config handler which were somehow
    missed in the initial conversion.  Closes: #252455.
  * Fixed a string termination issue in the connection code.
    Closes: #251704.

 -- Matthew Palmer <mpalmer@debian.org>  Fri,  4 Jun 2004 10:28:21 +1000

libapache-mod-auth-mysql (4.2.0) unstable; urgency=low

  * Applied a patch from Takeshi Murakami to add Apache 2 support and the
    ability to specify a port number or socket file (for those times you
    just gotta do it).  Closes: #231667.  Many thanks to Takeshi for taking
    the time to do the Apache2 conversion (which appears to have been a fair
    bit of work).
      - Updated DIRECTIVES for the new port/socket specifiers.
      - Added new --with-apache and --with-apache2 ./configure options to
        enable/disable build support for both modules.
      - New binary package, libapache2-mod-auth-mysql, to provide the
        apache2-compiled version of m-a-m.  Closes: #248415.  Also updated
        build-deps and all that sort of thing.  Small parts shamelessly
        stolen from libapache2-mod-auth-pgsql.
  * Bumped standards version; no changes needed.
  * Reversed the sense of the persistent check on connection close; the
    program now behaves like it's documentation.  Closes: #243995.

 -- Matthew Palmer <mpalmer@debian.org>  Tue, 11 May 2004 15:09:07 +1000

libapache-mod-auth-mysql (4.1.8) unstable; urgency=low

  * Added conditionals and more calls to modules-config so that the module
    will install nicely into all apache flavours.  Closes: #226425.
  * Applied a functionality improvement from Jakub Stachowski to add some
    arbitrary SQL to the end of a query, to improve matching.
    Closes: #221923.

 -- Matthew Palmer <mpalmer@debian.org>  Fri, 16 Jan 2004 12:47:46 +1030

libapache-mod-auth-mysql (4.1.7) unstable; urgency=low

  * Added a postinst and postrm which should add and remove the module from
    Apache's module list.  Closes: #220239
  * Thwap!  Forgot that sec->user_field might be NULL, so we shouldn't set
    auth_user_field to it if it's empty.
  * Added more ways to set user_group_field in the group checking query.
    Also added a default, so it'll never be NULL.
  * Some punctuation changes in the group check query string.
  * Tracked down a particularly vicious segfault (and fixed another bug in
    the process).
  * Finally tracked down the cause of require groups not working.
    Closes: #216859.  Many thanks to Stephen Leclerc for putting up with my
    many fruitless debugging attempts, since I couldn't reproduce the
    problem on my systems, but it was consistent for him.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 19 Nov 2003 00:02:10 +1100

libapache-mod-auth-mysql (4.1.6) unstable; urgency=low

  * Escaped $ signs in MD5 configure test, so it works properly.  Thanks to
    Emmanuel Lacour for working this one out.  (Closes: #212179)

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 24 Sep 2003 09:39:06 +1000

libapache-mod-auth-mysql (4.1.5) unstable; urgency=low

  * Applied patch supplied by Martin Kos to allow groups of a user to be
    specified as a MySQL SET.  (Closes: #200535)

 -- Matthew Palmer <mpalmer@debian.org>  Sun, 13 Jul 2003 19:00:17 +1000

libapache-mod-auth-mysql (4.1.4.1) unstable; urgency=low

  * Yet more #ifdef'd debugging, since I suspect a need for more sacrificial
    lambs.

 -- Matthew Palmer <mpalmer@debian.org>  Fri, 16 May 2003 17:37:15 +1000

libapache-mod-auth-mysql (4.1.4) unstable; urgency=low

  * Now with a log message indicating "auth failed".
  * More logging around query generation, to solve a mysterious bug.
  * USAGE a little more detailed on the subject of encryption types. 
    (Closes: #192098)

 -- Matthew Palmer <mpalmer@debian.org>  Wed,  7 May 2003 17:18:17 +1000

libapache-mod-auth-mysql (4.1.3) unstable; urgency=low

  * Updated the Build-Deps to point to the LGPL'd libmysqlclient10-dev,
    rather than the GPL'd libmysqlclient-dev (which is actually lmc12-dev
    now).  Pesky licenses.  Closes: #189212.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 16 Apr 2003 17:05:22 +1000

libapache-mod-auth-mysql (4.1.2) unstable; urgency=low

  * FFS... Automade makefiles suck.  Duplicated the cleaning action of make
    distclean in debian/rules.  Closes: #189107.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 16 Apr 2003 09:09:58 +1000

libapache-mod-auth-mysql (4.1.1) unstable; urgency=low

  * New version numbering scheme.  Screw this upstream-debian thing, I *am*
    the damn upstream (oooh, I love the power).
  * Fixed the blasted zombie connection problem.  Simple really - as long as
    Apache played ball (which it didn't).  Closes: #184443.  Yippee!  Much
    thanks *must* go to john@pensol.com who did the hard work of identifying
    the exact circumstances under which this bug occured, and provided a
    fair bit of the logic required to fix it.
  * Added analogous Auth_MySQL_Group_User_Field command, fixed code to align
    with documentation (group_user is the same as the username field, by
    default).  All together, Closes: #187678.

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 14 Apr 2003 23:27:08 +1000

libapache-mod-auth-mysql (4.1.0-2) unstable; urgency=low

  * Added not null qualifier in USAGE so that it's valid MySQL.
    (Closes: #178191)
  * Added the DIRECTIVES file to the documentation.  (Closes: #181692)

 -- Matthew Palmer <mpalmer@debian.org>  Thu, 20 Feb 2003 13:06:21 +1100

libapache-mod-auth-mysql (4.1.0-1) unstable; urgency=low

  * New upstream version.
  * Modified rules to accomodate new configure script.

 -- Matthew Palmer <mpalmer@debian.org>  Wed, 13 Nov 2002 01:25:13 +1100

libapache-mod-auth-mysql (4.0.0-3) unstable; urgency=low

  * Removed the custom APLOG_MARK I defined - it really isn't necessary, and
    just makes the logfile uglier.
  * Uncommented the check to see if the module has been disabled in config.
    Another one of those "WTF?" moments.  (Closes: #166458)
  * Hunted down all error messages which don't involve errno and explicitly
    set errno to 0 (to avoid weird errors in logging messages).

 -- Matthew Palmer <mpalmer@debian.org>  Sun, 10 Nov 2002 15:24:27 +1100

libapache-mod-auth-mysql (4.0.0-2) unstable; urgency=low

  * Uncomment the Auth_MySQL directives from the directives list.  Why it
    ever got commented in the first place is completely beyond me.
    (Closes: #164321)

 -- Matthew Palmer <mpalmer@debian.org>  Thu, 17 Oct 2002 09:30:54 +1000

libapache-mod-auth-mysql (4.0.0-1) unstable; urgency=low

  * New upstream release.  Mostly just a merge of two differing versions of
    the upstream software, as well as some minor fiddling.

 -- Matthew Palmer <mpalmer@debian.org>  Sat, 28 Sep 2002 12:43:46 +1000

libapache-mod-auth-mysql (3.2-2) unstable; urgency=low

  * Added support for PHP-style MD5 hashes.  (Closes: #158287)
  * New maintainer, at the consent of the previous maintainer.  Thanks to
    Matthew Wilcox for his work on the package to date.
  * Bumped standards-version to 3.5.7.
  * Integrated debhelper a bit more, DH_COMPAT=4.
  * New version. (Closes: #100692)

 -- Matthew Palmer <mpalmer@debian.org>  Mon, 23 Sep 2002 11:08:57 +1000

libapache-mod-auth-mysql (3.2-1) unstable; urgency=low

  * Split from apache 1.3.22-5 package to reduce apache dependencies.

 -- Matthew Wilcox <willy@debian.org>  Wed,  9 Jan 2002 15:15:23 -0700