* New upstream release. * Improve wp-settings to verify that $_SERVER['HTTP_X_FORWARDED_PROTO'] exists before accessing it (avoids a PHP notice). Thanks to Paul Dreik <slask@pauldreik.se> for the report and the patch. * Document in README.Debian the need to login to /wp-admin/ to complete an upgrade. * Drop useless debian/README.source * Drop 008CVE2008-2392.patch since upstream now disables unfiltered uploads by default. See http://core.trac.wordpress.org/ticket/10692 * Drop 009CVE2008-6767.patch since the backto parameter is validated against a whitelist, and externally triggered upgrades are not a security problem as long as they work. * Update debian/missing-sources with latest versions. * Update upstream l10n.