Change log for graphite-web package in Debian

graphite-web (1.1.10-6) unstable; urgency=medium

  * import more of upstream py3.12 / django 3.2 fixes
  * provide systemd timer for cron script

 -- Alexandre Rossi <email address hidden>  Tue, 26 Mar 2024 08:50:36 +0100

Available diffs

• diff from 1.1.10-5 to 1.1.10-6 (3.8 KiB)

graphite-web (1.1.10-5) unstable; urgency=medium

  * fix typo in python3.12 related switch from module imp to importlib

 -- Alexandre Rossi <email address hidden>  Fri, 02 Feb 2024 10:23:38 +0100

Available diffs

• diff from 1.1.10-3 to 1.1.10-5 (2.6 KiB)
• diff from 1.1.10-4 to 1.1.10-5 (1.8 KiB)

graphite-web (1.1.10-4) unstable; urgency=medium

  * autopkgtest: some consistency in scripts called with full path
  * fix autopkg test with python3.12 (Closes: #1061800)

 -- Alexandre Rossi <email address hidden>  Thu, 01 Feb 2024 17:03:27 +0100

Available diffs

• diff from 1.1.10-3 to 1.1.10-4 (2.5 KiB)

graphite-web (1.1.10-3) unstable; urgency=medium

  * rename fix-build-py312 patch
  * fixup some major py3.12 and Django 4.2 deprecations
  * fix /var/lib/graphite permissions in postinst
  * add autopkgtest ensuring webapp startup

 -- Alexandre Rossi <email address hidden>  Sun, 17 Dec 2023 19:29:11 +0100

Available diffs

• diff from 1.1.10-2 to 1.1.10-3 (4.5 KiB)

graphite-web (1.1.10-2) unstable; urgency=medium

  * raise standards compliance to 4.6.2 (no change)
  * add forward info for CVE-2022-4728 CVE-2022-4729 CVE-2022-4730 patch
  * fix build with python 3.12 (Closes: #1058124)

 -- Alexandre Rossi <email address hidden>  Fri, 15 Dec 2023 16:30:39 +0100

Available diffs

• diff from 1.1.10-1 to 1.1.10-2 (1.5 KiB)

graphite-web (1.1.10-1) unstable; urgency=medium

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable):
    + Build-Depends-Indep: Drop versioned constraint on python3-whisper (>=
      1.1.4).
    + graphite-web: Drop versioned constraint on python3-whisper (>= 1.1.4) in
      Depends.

  [ Alexandre Rossi ]
  * raise dh compat level to 13
  * raise standards-version to 4.6.0
  * fix local_settings.py is world-readable (Closes: #882691)
  * drop custom compression in debian source options
  * update d/watch standard and use secure upstream uri
  * fix local_settings path when using wsgi (Closes: #995461, #1038599)
  * New upstream version 1.1.10 (Closes: #972283, #1038438)
  * fix dashboard theme not found
  * add myself to uploaders
  * refresh patches and drop fix-compat-with-pyparsing-3 (integrated upstream)

 -- Alexandre Rossi <email address hidden>  Thu, 21 Sep 2023 16:39:16 +0200

Available diffs

• diff from 1.1.8-2 to 1.1.10-1 (20.2 KiB)

graphite-web (1.1.8-2) unstable; urgency=medium

  * Add fix-compat-with-pyparsing-3.patch.

 -- Thomas Goirand <email address hidden>  Fri, 17 Mar 2023 14:24:47 +0100

Available diffs

• diff from 1.1.8-1.1 to 1.1.8-2 (827 bytes)

graphite-web (1.1.8-1.1) unstable; urgency=medium

  * NMU
  * CVE-2022-4728, CVE-2022-4729 & CVE-2022-4730: Prevent a series of
    cross-site scripting (XSS) vulnerabilties that could have been exploited
    remotely. Issues existed in the Cookie Handler, Template Name Handler and
    Absolute Time Range Handler components. (Closes: #1026992)

 -- Christoph Martin <email address hidden>  Tue, 07 Feb 2023 15:42:01 +0100

Available diffs

• diff from 1.1.8-1 to 1.1.8-1.1 (2.6 KiB)

graphite-web (1.1.8-1) unstable; urgency=medium

  * New upstream release:
    - Works with Python 3.9 (Closes: #962623).
  * Refresh local_settings.patch.
  * Rebase settings_debian.patch (taken from bug report).
  * Drop CVE-2017-18638.patch applied upstream.

 -- Thomas Goirand <email address hidden>  Mon, 06 Sep 2021 13:33:05 +0200

Available diffs

• diff from 1.1.4-5 to 1.1.8-1 (80.8 KiB)

graphite-web (1.1.4-3+deb10u1) buster; urgency=high

  [ Utkarsh Gupta ]
  * Add patch to remove the 'send_email' function to avoid SSRF attack.
    This was insecure, not used in the code, and was undocumented as well.
    (Fixes: CVE-2017-18638)

  [ Thomas Goirand ]
  * Avoid hourly error in cron with no whisper db (Closes: #940554). Thanks to
    Alexandre Rossi <email address hidden> for the patch.

 -- Thomas Goirand <email address hidden>  Thu, 17 Oct 2019 05:47:35 +0530

graphite-web (1.1.4-5) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to remove the 'send_email' function to avoid SSRF attack.
    This was insecure, not used in the code, and was undocumented as well.
    (Fixes: CVE-2017-18638)

 -- Utkarsh Gupta <email address hidden>  Thu, 17 Oct 2019 05:47:35 +0530

Available diffs

• diff from 1.1.4-3 to 1.1.4-5 (2.4 KiB)

graphite-web (1.1.4-4) unstable; urgency=medium

  * Avoid hourly error in cron with no whisper db (Closes: #940554). Thanks to
    Alexandre Rossi <email address hidden> for the patch.
  * Removed use of Python 2 (Closes: #936651). Thanks to Alexander again for
    the patch.

 -- Thomas Goirand <email address hidden>  Sat, 21 Sep 2019 21:38:06 +0200

graphite-web (1.1.4-3) unstable; urgency=medium

  * Fix shebang of /usr/bin/graphite-manage. (Closes: #925240)

 -- Thomas Goirand <email address hidden>  Fri, 07 Jun 2019 09:39:24 +0200

Available diffs

• diff from 1.1.4-2 to 1.1.4-3 (530 bytes)

graphite-web (1.1.4-2) unstable; urgency=medium

  * Fix README to suggest installation of libapache2-mod-wsgi-py3, and added
    NEWS about it (Closes: #917096).

 -- Thomas Goirand <email address hidden>  Wed, 26 Dec 2018 08:35:26 +0100

Available diffs

• diff from 1.1.4-1 to 1.1.4-2 (623 bytes)

graphite-web (1.1.4-1) unstable; urgency=medium

  * New upstream release.
  * Rebase patches.
  * Added myself as uploader (after contacting the current maintainers).
  * Ran wrap-and-sort -bast.
  * Removed obsolete X-Python-Version: >=2.6.
  * Switched to debhelper 10.
  * Switched the package to Python 3.

 -- Thomas Goirand <email address hidden>  Mon, 10 Dec 2018 15:28:59 +0100

Available diffs

• diff from 1.0.2+debian-2.1 to 1.1.4-1 (145.9 KiB)

graphite-web (1.0.2+debian-2.1) unstable; urgency=medium

  * NMU
  * VCS move to salsa
  * change maintainer to tracker list (closes: #899808)

 -- Christoph Martin <email address hidden>  Tue, 23 Oct 2018 13:57:47 +0200

Available diffs

• diff from 1.0.2+debian-2 to 1.0.2+debian-2.1 (715 bytes)

graphite-web (1.0.2+debian-2) unstable; urgency=medium

  * d/p/local_settings.patch: fixed typo (Closes: #876522)

 -- Jonas Genannt <email address hidden>  Sat, 23 Sep 2017 13:56:38 +0200

Available diffs

• diff from 0.9.15+debian-2 to 1.0.2+debian-2 (2.4 MiB)

graphite-web (1.0.2+debian-1) unstable; urgency=medium

  * Imported Upstream version 1.0.2+debian
    - Closes: #862084, #860195, #840516
  * d/README.source: update information
  * d/bin/graphite-build-search-index
    - fixed race condition [Michael Abmayer] (Closes: #849080)
  * d/p/remove_thirdparty_modules.patch: included by upstream
  * d/p/django19.patch: included by upstream
  * removed remove_internal_logrotate.patch upstream has add the setting
  * updated to new upstream version:
    - local_settings.patch
    - settings_debian.patch
  * d/copyright:
    - removed unused statement (upstream removed files)
    - updated copyright years
  * d/graphite-web.links: removed upstream no longer includes
    prototype and scriptaculous
  * d/graphite.wsgi: use upstream wsgi file (removed Debian version)
  * d/apache2-graphite.conf: changed content to static
  * d/control:
    - bumped depends version of python-whisper to 1.0.2
    - bumped standards version (no change needed)
    - removed libjs-scriptaculous, libjs-prototype from depends
    - added python-urllib3 as depends
    - added python-scandir as depends
  * debian/graphite-web.NEWS: added note about changed webserver configuration

 -- Jonas Genannt <email address hidden>  Wed, 20 Sep 2017 16:45:11 +0200

graphite-web (0.9.15+debian-2) unstable; urgency=medium

  [ Mathieu Parent ]
  * Remove me from uploaders

  [ Jonas Genannt ]
  * d/README: change to migrate (Closes: #824230)
  * d/README: added chown for sqlite usage (Closes: #811389)
  * Added backported patch for Django 1.9 (Closes: #824962)
  * d/control:
    - bumped standards version
    - changed to secure Vcs URLs

 -- Jonas Genannt <email address hidden>  Sun, 22 May 2016 15:32:51 +0200

Available diffs

• diff from 0.9.15+debian-1 to 0.9.15+debian-2 (2.2 KiB)

graphite-web (0.9.15+debian-1) unstable; urgency=medium

  * Team upload.
  * Imported Upstream version 0.9.15+debian
  * d/copyright: updated copyright year
  * d/p/settings_debian: refreshed patch
  * d/p/remove_thirdparty_modules: refreshed patch
  * d/control:
    - added Python-Version flag
    - added dh-python
    - added Version dependency
  * removed disable_install_opt.patch
  * d/rules: switched to pybuild
  * Updated README.Debian

 -- Jonas Genannt <email address hidden>  Sat, 28 Nov 2015 17:23:48 +0100

Available diffs

• diff from 0.9.13+debian-1 to 0.9.15+debian-1 (15.1 KiB)

graphite-web (0.9.13+debian-1) unstable; urgency=medium

  * Team upload.
  * Imported Upstream version 0.9.13+debian (Closes: #784441)
  * d/watch: updated watch file to pypi.debian.net service
  * d/control:
    - removed jquery depends; jquery was removed from Graphite
    - updated my email address
    - bumped standards version to 3.9.6 (no changes needed)
  * d/README.source: updated for new upstream release
  * patches removed, included by upstream:
    - add_maximum_returned_datapoints.patch
    - remove_graphlot.patch
    - django17.patch
    - django1.6_compatibility.patch
  * patches refreshed for new upstream version:
    - settings_debian.patch: refreshed
    - remove_thirdparty_modules.patch: refreshed
  * d/copyright: updated years and copyright
  * d/rules: remove included DS_Store file
  * d/graphite-web.links: removed jquery links

 -- Jonas Genannt <email address hidden>  Mon, 25 May 2015 15:54:10 +0200

Available diffs

• diff from 0.9.12+debian-7 to 0.9.13+debian-1 (50.7 KiB)

graphite-web (0.9.12+debian-7) unstable; urgency=low


  * added patch for maxDataPoints
    huge performance impact for dashboards like grafana (Closes: #775783)

 -- Jonas Genannt <email address hidden>  Thu, 29 Jan 2015 12:36:30 +0100

Available diffs

• diff from 0.9.12+debian-6 to 0.9.12+debian-7 (1.6 KiB)

graphite-web (0.9.12+debian-6) unstable; urgency=medium


  [ Vincent Bernat ]
  * d/postinst: fix directory creation

  [ Jonas Genannt ]
  * added patch to remove Graphlot feature
    Graphlot feature was broken in Debian. Upstream
    removed Graphlot feature.

 -- Jonas Genannt <email address hidden>  Wed, 03 Sep 2014 19:25:55 +0200

Available diffs

• diff from 0.9.12+debian-4 to 0.9.12+debian-6 (4.5 KiB)

graphite-web (0.9.12+debian-5) unstable; urgency=low


  * Team upload.
  * Graphite works now with Django 1.6 and 1.7 (Closes: #755638)
  * d/README.Debian: use service to restart apache

 -- Jonas Genannt <email address hidden>  Fri, 15 Aug 2014 18:34:55 +0200

graphite-web (0.9.12+debian-4) unstable; urgency=medium


  * added missing sources of extjs and ace (Closes: #744708)

 -- Jonas Genannt <email address hidden>  Mon, 28 Jul 2014 15:52:22 +0200

Available diffs

• diff from 0.9.12+debian-3 to 0.9.12+debian-4 (629.5 KiB)

graphite-web (0.9.12+debian-3) unstable; urgency=low


  * d/control: removed python-sqlite from depends (Closes: #739517)

 -- Jonas Genannt <email address hidden>  Sat, 22 Feb 2014 17:04:47 +0100

Available diffs

• diff from 0.9.12+debian-2 to 0.9.12+debian-3 (468 bytes)

graphite-web (0.9.12+debian-2) unstable; urgency=low


  [ Bernhard Schmidt ]
  * Import upstream patch to fix Django 1.6 compatibility
  * drop part about webapp/graphite/manage.py from patch, included upstream
  * changelog
  * graphite-manage: fix Django 1.6 compatibility (Closes: #729854)

  [ Jonas Genannt ]
  * d/control:
    - bumped standards version
    - added version depend to python-django >> 1.6-1~

 -- Jonas Genannt <email address hidden>  Mon, 25 Nov 2013 21:37:19 +0100

Available diffs

• diff from 0.9.12+debian-1 to 0.9.12+debian-2 (2.6 KiB)

graphite-web (0.9.12+debian-1) unstable; urgency=high


  * New Upstream Version (Closes: #720454, #721085)
    - Security fix included: CVE-2013-5093
  * refreshed patches against new version
  * d/control: updated Homepage field
  * d/control: added version depend on python-django-tagging
    since pyhton-django-taggit mistake
  * d/copyright: added Copyright section for ace
  * Added NEWS file

 -- Jonas Genannt <email address hidden>  Sun, 01 Sep 2013 21:30:47 +0200

Available diffs

• diff from 0.9.10+debian-2 to 0.9.12+debian-1 (151.5 KiB)

graphite-web (0.9.10+debian-2) unstable; urgency=low


  [ Marcelo Jorge Vieira ]
  * libjs-flot was renamed to libjs-jquery-flot (Closes: #710452)

  [ Jonas Genannt ]
  * run cronjob only if binary is available (Closes: #705976)
  * changed git to anonscm.debian.org as recommended by lintian

  [ Mathieu Parent ]
  * gbp.conf: Build to build-area
  * gbp.conf: Set pristine-tar to true
  * d/rules: Check for embedded libraries

 -- Mathieu Parent <email address hidden>  Mon, 10 Jun 2013 18:17:39 +0200

Available diffs

• diff from 0.9.10+debian-1 to 0.9.10+debian-2 (1.4 KiB)

graphite-web (0.9.10+debian-1) unstable; urgency=low


  * Initial release. (Closes: #659632)

 -- Jonas Genannt <email address hidden>  Sat, 09 Mar 2013 16:06:34 +0100