mod-auth-mysql (4.3.9-11) unstable; urgency=medium * Change section web to net * Bumped standards version * Fix CVE-2008-2384: Encode strings securely via mysql_real_escape_string [013-CVE-2008-2384_charset.dpatch] -- Joey Schulze Wed, 21 Jan 2009 18:58:04 +0100 mod-auth-mysql (4.3.9-10) unstable; urgency=low * Document disabling BasicAuth and basic group file in USAGE [011-auth_basic.dpatch] (closes: Bug#502895, Bug#382242) * Add support for specifying the connection character set via Auth_MySQL_CharacterSet [012-charset.dpatch] (closes: Bug#356530) -- Joey Schulze Fri, 21 Nov 2008 17:07:25 +0100 mod-auth-mysql (4.3.9-9) unstable; urgency=low * Insert the copyright notice with names and note patches coming from the Debian community -- Joey Schulze Wed, 21 May 2008 07:55:27 +0200 mod-auth-mysql (4.3.9-8) unstable; urgency=low * New maintainer (closes: Bug#407360) * New source package name * Clarified history and license * Improve documentation wrt. Auth_MySQL_Group_Field [005-directives.dpatch] * Properly set unsigned char (i.e. 1-byte int) config variables, patch by Adrian Bridgett [006-options.dpatch] (closes: Bug#287160, Bug#385679, Bug#393769) * Stop altering the AUTH_MYSQL_VERSION with an old Debian revision [002-mysql_define] * Unify AuthMySQL_ and Auth_MySQL_ namespace [007-unify_namespace.dpatch] * Adjust the buffer size used by make_scrambled_password() [008-make_scrambled_password.dpatch] (closes: Bug#356064, Bug#346192, Bug#346194) * Adjust config parser data type for _Port to int, thanks to Lehel Bernadt [009-port-int.dpatch] (closes: Bug#356147) * Provide an Apache authentication method, thanks to Andreas Barth [010-enctype-apache.dpatch] (closes: Bug#287547) -- Joey Schulze Thu, 15 May 2008 14:50:06 +0200 libapache-mod-auth-mysql (4.3.9-7) unstable; urgency=low * QA upload. * And actually add 004-reconnect.dpatch to debian/patches/00list... Thanks to Martin Schulze. -- Matej Vela Wed, 27 Feb 2008 16:05:31 +0100 libapache-mod-auth-mysql (4.3.9-6) unstable; urgency=low * QA upload. * debian/rules: Gah, don't break if the Makefile isn't there. Closes: #465630. -- Matej Vela Wed, 13 Feb 2008 19:25:22 +0100 libapache-mod-auth-mysql (4.3.9-5) unstable; urgency=low * QA upload. * debian/patches/004-reconnect.dpatch: Automatically re-establish connections with MySQL 5.0.3+. Thanks to Johann Glaser for the patch. Closes: #420010. * debian/rules: Let dh_strip handle DEB_BUILD_OPTIONS=nostrip. Closes: #437310. * debian/rules: Remove support for DEB_BUILD_OPTIONS=debug. * debian/rules: Don't ignore errors from `make distclean'. * Conforms to Standards version 3.7.3. -- Matej Vela Tue, 12 Feb 2008 15:55:39 +0100 libapache-mod-auth-mysql (4.3.9-4) unstable; urgency=low * QA upload. * Stop building libapache-mod-auth-mysql (Closes: #429104) * Remove B-D on apache-dev * Lets set DH_COMPAT in debian/compat, not debian/rules * Update debian/rules not to build the apache13 module anymore. * Conforms with latest Standards Version 3.7.2 -- Michael Ablassmeier Tue, 19 Jun 2007 11:09:00 +0200 libapache-mod-auth-mysql (4.3.9-3) unstable; urgency=medium * QA Upload * Set maintainer to Debian QA Group . * apache2 module depends now on apache2.2-common. * Removed the ,,changes* directories from the diff.gz. * Use now make distclean instead of make clean in debian/rules. * Build-depend now on dpatch. * Build-depend now on debhelper 5 instead of 4. * Converted the patches to dpatch. * Applied a patch to fix FTBFS against apache2.2 (Closes: #389579). Thanks to Julian Calaby for the patch. -- Mario Iseli Sun, 11 Feb 2007 14:04:10 +0100 libapache-mod-auth-mysql (4.3.9-2.1) unstable; urgency=medium * Non-maintainer upload. Rebuild against libmysqlclient15. Closes: #343771 -- Christian Hammers Tue, 21 Feb 2006 21:43:01 +0100 libapache-mod-auth-mysql (4.3.9-2) unstable; urgency=low * Rebuild for libmysqlclient12. Closes: #298671. * Clarify USAGE for md5 passwords. Closes: #298071. -- Matthew Palmer Thu, 10 Mar 2005 08:48:03 +1100 libapache-mod-auth-mysql (4.3.9-1) unstable; urgency=low * New upstream release, which codifies the way that multiple require statements are meant to work. -- Matthew Palmer Fri, 24 Dec 2004 00:30:40 +1100 libapache-mod-auth-mysql (4.3.8-1) unstable; urgency=low * Now converted to a non-native package, as I've got a user who is not a Debianite. * Fixed the configure script to properly detect whether libcrypt needs to be a separate library. * Guarded all instances of CRYPT_DES_ENCRYPTION_FLAG, so you can build the module without crypt() being present. -- Matthew Palmer Fri, 5 Nov 2004 22:07:14 +1100 libapache-mod-auth-mysql (4.3.7) unstable; urgency=low * Added a new encryption type, SHA1Sum, using a patch kindly prepared by Joseph Walton. Closes: #271730. -- Matthew Palmer Mon, 20 Sep 2004 10:26:41 +1000 libapache-mod-auth-mysql (4.3.6) unstable; urgency=high * Fixed a security bug where an error in the execution of mysql_check_group() causes the group check to succeed. Closes: #271721. Thanks to Joseph Walton for finding the problem and providing a patch. -- Matthew Palmer Wed, 15 Sep 2004 10:59:26 +1000 libapache-mod-auth-mysql (4.3.5) unstable; urgency=high * High urgency on the request of Adam Conrad to try and get Apache2 through for Sarge. * Rebuild to back out the ill-fated apache2 LFS transition (so much for comprehensive testing...) Closes: #267354. * Bumped the apache2-*-dev build-dep and apache2 dep to >= 2.0.50-10. -- Matthew Palmer Sun, 22 Aug 2004 21:08:58 +1000 libapache-mod-auth-mysql (4.3.4) unstable; urgency=medium * Rebuild to support new Apache2 ABI. Closes: #266177. -- Matthew Palmer Tue, 17 Aug 2004 10:01:34 +1000 libapache-mod-auth-mysql (4.3.3) unstable; urgency=low * Really fixed the multi-group checking. Seems I put the "you're not invited" return at the wrong scope. Where's my dwim() function, dammit. Closes: #257879 (I promise). -- Matthew Palmer Fri, 13 Aug 2004 00:23:02 +1000 libapache-mod-auth-mysql (4.3.2) unstable; urgency=low * Fixed multi-group checking; if multiple groups are listed in the 'require group' directive, the code only checked for the first one. Thanks to Karsten Richter for finding the bug and fixing it. Closes: #257879. * Cleaned up a define and associated bits to allow compilation under gcc-2.95. And we didn't even need a versioned build-depends. Closes: #258030. -- Matthew Palmer Fri, 6 Aug 2004 20:19:43 +1000 libapache-mod-auth-mysql (4.3.1) unstable; urgency=low * Determined that safe_mysql_query() wasn't retrying on some retryable errors, and fixed it up so that it retries once if the server wandered off before we started. Closes: #255985. -- Matthew Palmer Sun, 27 Jun 2004 21:34:59 +1000 libapache-mod-auth-mysql (4.3.0) unstable; urgency=low * Two new directives, Auth_MySQL_DefaultPort and Auth_MySQL_DefaultSocket. * Related to the above, the specification of port or socket as part of the hostname is no longer permitted. Hopefully nobody got too attached to that, as it wasn't documented as such anyway. * Straightened out various bits of twisty code. * Removed the crazy host/port/socket parsing code which (I believe) was causing all the screwed up hostname grief. Closes: #251704. -- Matthew Palmer Wed, 16 Jun 2004 17:39:10 +1000 libapache-mod-auth-mysql (4.2.1) unstable; urgency=low * Added some directives to the Apache2 config handler which were somehow missed in the initial conversion. Closes: #252455. * Fixed a string termination issue in the connection code. Closes: #251704. -- Matthew Palmer Fri, 4 Jun 2004 10:28:21 +1000 libapache-mod-auth-mysql (4.2.0) unstable; urgency=low * Applied a patch from Takeshi Murakami to add Apache 2 support and the ability to specify a port number or socket file (for those times you just gotta do it). Closes: #231667. Many thanks to Takeshi for taking the time to do the Apache2 conversion (which appears to have been a fair bit of work). - Updated DIRECTIVES for the new port/socket specifiers. - Added new --with-apache and --with-apache2 ./configure options to enable/disable build support for both modules. - New binary package, libapache2-mod-auth-mysql, to provide the apache2-compiled version of m-a-m. Closes: #248415. Also updated build-deps and all that sort of thing. Small parts shamelessly stolen from libapache2-mod-auth-pgsql. * Bumped standards version; no changes needed. * Reversed the sense of the persistent check on connection close; the program now behaves like it's documentation. Closes: #243995. -- Matthew Palmer Tue, 11 May 2004 15:09:07 +1000 libapache-mod-auth-mysql (4.1.8) unstable; urgency=low * Added conditionals and more calls to modules-config so that the module will install nicely into all apache flavours. Closes: #226425. * Applied a functionality improvement from Jakub Stachowski to add some arbitrary SQL to the end of a query, to improve matching. Closes: #221923. -- Matthew Palmer Fri, 16 Jan 2004 12:47:46 +1030 libapache-mod-auth-mysql (4.1.7) unstable; urgency=low * Added a postinst and postrm which should add and remove the module from Apache's module list. Closes: #220239 * Thwap! Forgot that sec->user_field might be NULL, so we shouldn't set auth_user_field to it if it's empty. * Added more ways to set user_group_field in the group checking query. Also added a default, so it'll never be NULL. * Some punctuation changes in the group check query string. * Tracked down a particularly vicious segfault (and fixed another bug in the process). * Finally tracked down the cause of require groups not working. Closes: #216859. Many thanks to Stephen Leclerc for putting up with my many fruitless debugging attempts, since I couldn't reproduce the problem on my systems, but it was consistent for him. -- Matthew Palmer Wed, 19 Nov 2003 00:02:10 +1100 libapache-mod-auth-mysql (4.1.6) unstable; urgency=low * Escaped $ signs in MD5 configure test, so it works properly. Thanks to Emmanuel Lacour for working this one out. (Closes: #212179) -- Matthew Palmer Wed, 24 Sep 2003 09:39:06 +1000 libapache-mod-auth-mysql (4.1.5) unstable; urgency=low * Applied patch supplied by Martin Kos to allow groups of a user to be specified as a MySQL SET. (Closes: #200535) -- Matthew Palmer Sun, 13 Jul 2003 19:00:17 +1000 libapache-mod-auth-mysql (4.1.4.1) unstable; urgency=low * Yet more #ifdef'd debugging, since I suspect a need for more sacrificial lambs. -- Matthew Palmer Fri, 16 May 2003 17:37:15 +1000 libapache-mod-auth-mysql (4.1.4) unstable; urgency=low * Now with a log message indicating "auth failed". * More logging around query generation, to solve a mysterious bug. * USAGE a little more detailed on the subject of encryption types. (Closes: #192098) -- Matthew Palmer Wed, 7 May 2003 17:18:17 +1000 libapache-mod-auth-mysql (4.1.3) unstable; urgency=low * Updated the Build-Deps to point to the LGPL'd libmysqlclient10-dev, rather than the GPL'd libmysqlclient-dev (which is actually lmc12-dev now). Pesky licenses. Closes: #189212. -- Matthew Palmer Wed, 16 Apr 2003 17:05:22 +1000 libapache-mod-auth-mysql (4.1.2) unstable; urgency=low * FFS... Automade makefiles suck. Duplicated the cleaning action of make distclean in debian/rules. Closes: #189107. -- Matthew Palmer Wed, 16 Apr 2003 09:09:58 +1000 libapache-mod-auth-mysql (4.1.1) unstable; urgency=low * New version numbering scheme. Screw this upstream-debian thing, I *am* the damn upstream (oooh, I love the power). * Fixed the blasted zombie connection problem. Simple really - as long as Apache played ball (which it didn't). Closes: #184443. Yippee! Much thanks *must* go to john@pensol.com who did the hard work of identifying the exact circumstances under which this bug occured, and provided a fair bit of the logic required to fix it. * Added analogous Auth_MySQL_Group_User_Field command, fixed code to align with documentation (group_user is the same as the username field, by default). All together, Closes: #187678. -- Matthew Palmer Mon, 14 Apr 2003 23:27:08 +1000 libapache-mod-auth-mysql (4.1.0-2) unstable; urgency=low * Added not null qualifier in USAGE so that it's valid MySQL. (Closes: #178191) * Added the DIRECTIVES file to the documentation. (Closes: #181692) -- Matthew Palmer Thu, 20 Feb 2003 13:06:21 +1100 libapache-mod-auth-mysql (4.1.0-1) unstable; urgency=low * New upstream version. * Modified rules to accomodate new configure script. -- Matthew Palmer Wed, 13 Nov 2002 01:25:13 +1100 libapache-mod-auth-mysql (4.0.0-3) unstable; urgency=low * Removed the custom APLOG_MARK I defined - it really isn't necessary, and just makes the logfile uglier. * Uncommented the check to see if the module has been disabled in config. Another one of those "WTF?" moments. (Closes: #166458) * Hunted down all error messages which don't involve errno and explicitly set errno to 0 (to avoid weird errors in logging messages). -- Matthew Palmer Sun, 10 Nov 2002 15:24:27 +1100 libapache-mod-auth-mysql (4.0.0-2) unstable; urgency=low * Uncomment the Auth_MySQL directives from the directives list. Why it ever got commented in the first place is completely beyond me. (Closes: #164321) -- Matthew Palmer Thu, 17 Oct 2002 09:30:54 +1000 libapache-mod-auth-mysql (4.0.0-1) unstable; urgency=low * New upstream release. Mostly just a merge of two differing versions of the upstream software, as well as some minor fiddling. -- Matthew Palmer Sat, 28 Sep 2002 12:43:46 +1000 libapache-mod-auth-mysql (3.2-2) unstable; urgency=low * Added support for PHP-style MD5 hashes. (Closes: #158287) * New maintainer, at the consent of the previous maintainer. Thanks to Matthew Wilcox for his work on the package to date. * Bumped standards-version to 3.5.7. * Integrated debhelper a bit more, DH_COMPAT=4. * New version. (Closes: #100692) -- Matthew Palmer Mon, 23 Sep 2002 11:08:57 +1000 libapache-mod-auth-mysql (3.2-1) unstable; urgency=low * Split from apache 1.3.22-5 package to reduce apache dependencies. -- Matthew Wilcox Wed, 9 Jan 2002 15:15:23 -0700