Change log for roundcube package in Debian
| 76 → 150 of 150 results | First • Previous • Next • Last |
roundcube (1.2.3+dfsg.1-4) unstable; urgency=high
* Backport fix for CVE-2017-8114: Roundcube Webmail allows arbitrary
password resets by authenticated users. This affects versions before
1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused
by an improperly restricted exec call in the virtualmin and sasl drivers
of the password plugin. (Closes: #861388).
-- Guilhem Moulin <email address hidden> Mon, 01 May 2017 23:37:14 +0200
Available diffs
roundcube (1.2.3+dfsg.1-3) unstable; urgency=high
* Backport fix for CVE-2015-5381: rcube_utils.php in Roundcube before 1.1.8
and 1.2.x before 1.2.4 is susceptible to a cross-site scripting
vulnerability via a crafted Cascading Style Sheets (CSS) token sequence
within an SVG element. (Closes: #857473).
In 1.2.3+dfsg.1-2 the patch wasn't added to debian/patches/series.
-- Guilhem Moulin <email address hidden> Tue, 14 Mar 2017 11:43:18 +0100
Available diffs
- diff from 1.2.3+dfsg.1-1 to 1.2.3+dfsg.1-3 (982 bytes)
| Superseded in sid-release |
roundcube (1.2.3+dfsg.1-2) unstable; urgency=high
* Backport fix for CVE-2015-5381: rcube_utils.php in Roundcube before 1.1.8
and 1.2.x before 1.2.4 is susceptible to a cross-site scripting
vulnerability via a crafted Cascading Style Sheets (CSS) token sequence
within an SVG element. (Closes: #857473).
-- Guilhem Moulin <email address hidden> Tue, 14 Mar 2017 03:41:48 +0100
roundcube (1.2.3+dfsg.1-1) unstable; urgency=high [ Guilhem Moulin ] * New upstream release (closes: #847287). -- Sandro Knauß <email address hidden> Fri, 16 Dec 2016 12:17:54 +0100
Available diffs
- diff from 1.2.2+dfsg.1-1 to 1.2.3+dfsg.1-1 (202.6 KiB)
roundcube (1.2.2+dfsg.1-1) unstable; urgency=medium
[ Sandro Knauß ]
* Change own mailadress to new debian one
* Update Copyright years for myself
[ Guilhem Moulin ]
* New upstream release.
* debian/control:
+ Remove php-pspell from roundcube-plugins' Depends: field, as pspell is
not used by any plugin. However we keep it in roundcube-core's
Recommends: field as $config['spellcheck_engine'] defaults to 'pspell'.
(Closes: #825500).
+ Add php-crypt-gpg, php-net-sieve and php-zip to roundcube-plugins'
Suggests: field, respectively for the enigma, managesieve, and
zipdownload plugins. Thanks, Jan Gerber. (Closes: #836909).
+ Upgrade Homepage: field from http:// to https://.
* debian/watch: fix syntax error due to missing comment markers.
-- Sandro Knauß <email address hidden> Sun, 16 Oct 2016 18:25:05 +0200
Available diffs
roundcube (1.2.1+dfsg.1-2) unstable; urgency=medium * Update B-D according to composer.json-dist (Closes: #833461) * Move gpg_crypt from depends to suggests -- Sandro Knauß <email address hidden> Fri, 05 Aug 2016 11:20:14 +0200
Available diffs
- diff from 1.2.0+dfsg.1-1 to 1.2.1+dfsg.1-2 (484.6 KiB)
- diff from 1.2.1+dfsg.1-1 to 1.2.1+dfsg.1-2 (1.0 KiB)
| Superseded in sid-release |
roundcube (1.2.1+dfsg.1-1) unstable; urgency=medium
[ Guilhem Moulin ]
* d/roundcube-core.cron.d: install new cronjob (executed as www-data) to
finally remove all records that are marked as deleted (closes: #824676).
[ Sandro Knauß ]
* New upstream release.
* update update_composer.patch with upstream dependencies.
* Use secured links
-- Sandro Knauß <email address hidden> Wed, 03 Aug 2016 16:18:36 +0200
Available diffs
- diff from 1.2.0+dfsg.1-1 to 1.2.1+dfsg.1-1 (484.3 KiB)
| Published in wheezy-release |
roundcube (0.7.2-9+deb7u2) wheezy-security; urgency=high
* Non-maintainer upload.
* Add CVE-2015-8770.patch.
Fix directory traversal vulnerability in the set_skin function in
program/include/rcube_template.php that allowed remote authenticated users
with certain permissions to read arbitrary files or possibly execute
arbitrary code.
-- Markus Koschany <email address hidden> Mon, 04 Apr 2016 15:55:10 +0200
roundcube (1.2.0+dfsg.1-1) unstable; urgency=medium
* New upstream release.
* update patches (only file hunks updates)
* add sql updates for 1.2.0
* make roundcube ready for PHP 7 (Closes: #821646)
- replace dependencies from php5-* to php-* packages
* Update default config file to match debian default installation
- Disable spellchecking by default (needs pspell, that is only recommended)
- Remove plugins from default config file (needs roundcube-plugins)
* Update the internal copies of external libraries
-- Sandro Knauß <email address hidden> Tue, 24 May 2016 21:35:06 +0200
Available diffs
roundcube (1.1.5+dfsg.1-1) unstable; urgency=medium
[ Guilhem Moulin ]
* New upstream release (Closes: #822333).
* debian/watch:
+ Increase uscan version from 3 to 4.
+ Change release URL from http://sf.net to https://github.com .
* debian/control:
+ Bump Standards-Version to 3.9.8 (no changes necessary).
[ Sandro Knauß ]
* Use and check signed tarballs
* update patch hunks
-- Sandro Knauß <email address hidden> Thu, 28 Apr 2016 00:25:04 +0200
roundcube (1.1.4+dfsg.1-3) unstable; urgency=medium
* No dependency to packages that are part of roundcube itself
* Updated composer.json so it matches debian available versions.
(Closes: 817792)
-- Sandro Knauß <email address hidden> Thu, 10 Mar 2016 17:44:23 +0100
| Superseded in sid-release |
roundcube (1.1.4+dfsg.1-2) unstable; urgency=medium
[ Vincent Bernat ]
* Use an empty array for plugin configuration templates to ensure
Roundcube knows the configuration file is valid. Closes: #809769.
* Pre-Depends on appriopriate dpkg version for dir_to_symlink. Related
to #810980.
[ Sandro Knauß ]
* Use dh_phpcomposer to track php dependencies. (Closes: #814664)
* Use safe urls for VCS fields
* Bumped compat level to 9
* Updated lintian overrides
* Added php-pear to depends for roundcube-core. (Closes: #801973)
* Bump Standards-Version to 3.9.7
-- Sandro Knauß <email address hidden> Wed, 24 Feb 2016 15:17:35 +0100
roundcube (1.1.4+dfsg.1-1) unstable; urgency=medium * New upstream release. -- Guilhem Moulin <email address hidden> Mon, 28 Dec 2015 15:22:07 +0100
Available diffs
- diff from 1.1.3+dfsg.1-1 to 1.1.4+dfsg.1-1 (30.1 KiB)
| Superseded in stretch-release |
| Deleted in stretch-release (Reason: None provided.) |
| Superseded in sid-release |
roundcube (1.1.3+dfsg.1-1) unstable; urgency=medium
[ Guilhem Moulin ]
* New upstream release.
* Add self to Uploaders.
* debian/copyright: Add program/js/tinymce/plugins/media/moxieplayer.swf
to Files-Excluded.
* Remove unused lintian overide:
package-contains-broken-symlink var/lib/roundcube/config/config.inc.php
etc/roundcube/config.inc.php .
-- Guilhem Moulin <email address hidden> Sat, 17 Oct 2015 23:28:44 +0200
Available diffs
- diff from 1.1.2+dfsg.1-5 to 1.1.3+dfsg.1-1 (287.8 KiB)
roundcube (1.1.2+dfsg.1-5) unstable; urgency=medium
[ Vincent Bernat ]
* Demote php-net-ldap3 to Recommends.
[ Guilhem Moulin ]
* Roundcube: Add 'Breaks: roundcube-core (<< 1.1.1+dfsg.1-1)' to enable
smooth upgrade from Wheezy and its backports. Closes: #800659.
-- Vincent Bernat <email address hidden> Tue, 06 Oct 2015 15:17:03 +0200
Available diffs
- diff from 1.1.1+dfsg.1-2 to 1.1.2+dfsg.1-5 (734.0 KiB)
roundcube (1.1.2+dfsg.1-4) unstable; urgency=medium
* Also recommends php5-fpm and spawn-fcgi since they don't provide
httpd-cgi. Closes: #731705.
* Replace /var/lib/roundcube/config with a symlink. Closes: #629032.
* Require php-net-ldap3 for LDAP. Closes: #785056.
* Recommends php-net-sieve. Closes: #798307.
-- Vincent Bernat <email address hidden> Fri, 11 Sep 2015 08:28:03 +0200
roundcube (1.1.2+dfsg.1-3) unstable; urgency=medium
* Handle dir to symlink migration for /usr/share/doc/roundcube{,-plugins}.
Closes: #788448
* Put a warning about access rights in empty configuration files for
plugins. Closes: #739592
* Depends on php5-pspell for roundcube-plugins. Closes: #793857
* Remove /etc/roundcube/config.inc.php on purge. Closes: #793858
* Add back Enigma plugin. Closes: #771659
* Redact logout.html to not use a remote jquery.js.
* Don't ship license.txt with TinyMCE.
-- Sandro Knauß <email address hidden> Sat, 22 Aug 2015 18:23:30 +0200
| Superseded in sid-release |
roundcube (1.1.2+dfsg.1-2) unstable; urgency=medium
* Remove old symlinks for TinyMCE and jQuery on preinst.
Closes: #796318.
-- Vincent Bernat <email address hidden> Fri, 21 Aug 2015 13:52:19 +0200
| Superseded in sid-release |
roundcube (1.1.2+dfsg.1-1) unstable; urgency=medium
[ Vincent Bernat ]
* Fix quotes in last SQL request for upgrades. Closes: #784573.
* Update Apache/Lighttpd configuration files to not use out-of-tree
TinyMCE.
* Fix postrm for Lighttpd.
* Use pathfind to check for a tool existence.
* Add lintian overrides for embedded stuff.
[ Sandro Knauß ]
* Use internal tinymce and jquery copy. Closes: #784351. Closes: #785333.
* New upstream release.
* Fixes for CVE-2015-5381 are included in upstream.
* Fixes for CVE-2015-5382 are included in upstream.
* Added missing sources
* Updated copyright file
-- Sandro Knauß <email address hidden> Sat, 08 Aug 2015 15:05:44 +0200
roundcube (1.1.1+dfsg.1-2) unstable; urgency=medium
[ Sandro Knauß ]
* Release to unstable (freeze is over)
* Updated lintian-overrides
+ Config is created by postinst, so it is missing for lintian
* Move from cdbs -> debhelper
+ Install & rename htaccess in /usr/share
+ Added link to external jquery.min.js
+ Make tinymce link to exp repo the right way around
+ Correct links from /var/lib -> /etc
+ Only minify js for own javascript and not linked ones
+ Create config.inc.php also for plugins in roundcube-core
+ Create /usr/share/bug/$(package)/control for every package
* Link all docs dirs to roundcube-core instead of coping doc files
+ Move examples from roundcube-plugins -> roundcube-core
* d/watch file: be able to match rc, alpha, beta tarballs
[ Vincent Bernat ]
* d/watch: don't match "-complete" tarball
-- Sandro Knauß <email address hidden> Tue, 05 May 2015 00:11:01 +0200
Available diffs
| Deleted in experimental-release (Reason: None provided.) |
roundcube (1.1.1+dfsg.1-1) experimental; urgency=medium
[ Vincent Bernat ]
* Depends on php-mail-mimedecode. Closes: #740242.
* Update jstz.js with the version specified in the header.
* Build jquery-ui.custom.js from libjs-jquery-ui.
[ Ben Finney ]
* debian/watch:
+ Handle a “+dfsg.N” suffix for the Debian upstream version string.
[ Richard Laager ]
* Add a debian/.gitignore file
* Refresh patch offsets
* Refresh use_packaged_tinymce.patch to apply
[ Sandro Knauß ]
* New upstream release. Closes: #752479.
* Updated patches to use config.inc.php.
* Updated: copyright file
* Added patch to handle the upgrade from 0.9.5 -> 1.X.X
* Use update script from upstream.
* Cleanup debian/rules.
* Added current version system table.
* Move deletion of configfile to maintscript.
* Added SQL and installer to be install.
* Added NEWS entry about changing configuration.
* Updated links to other packages.
* Added jstz source zip to debian/source/include-binaries.
* Relicensing all work of dedian mantainers with GPL-2+.
* Bump Standards-Version to 3.9.6 (no changes needed).
* Removed patch for CVE-2015-1433 (is part of upstream).
* Ship bin and installer in package.
* Added php-cli as dep, to rund the scripts in bin.
-- Sandro Knauß <email address hidden> Thu, 26 Mar 2015 22:10:55 +0100
roundcube (0.9.5+dfsg1-4.2) unstable; urgency=medium
* NMU.
* Add a patch to fix XSS vulnerability. CVE-2015-1433.
Closes: #776700.
-- Vincent Bernat <email address hidden> Sat, 31 Jan 2015 16:32:11 +0100
Available diffs
roundcube (0.9.5+dfsg1-4.1) unstable; urgency=low
* NMU - rc bug preventing roundcube from being included in jessie.
* Changed debian/watch & debian/copyright so uscan repackage
upstream tarball to remove files without source.
Closes: #736782.
* Added sources for jquery-ui and jstz.js to debian/missing-sources.
* Modified debian/copyright to acknowledge copyrights of
files in debian/missing-sources.
* Added debian/create-jquery-ui-custom.sh that creates the
jquery-ui-1.9.1.custom.min.js from upstream source.
* Modified debian/rules to create jstz.min.js and
jquery-ui-1.9.1.custom.min.js form the versions we have
sources for.
-- Russell Stuart <email address hidden> Wed, 15 Oct 2014 09:51:17 +1000
Available diffs
- diff from 0.9.5-4 to 0.9.5+dfsg1-4.1 (98.0 KiB)
roundcube (0.9.5-4) unstable; urgency=low
* Depends directly on postgresql-client instead of a particular (and
sometimes outdated) version. Closes: #732369.
* Add mariadb-client/mariadb-server as possible alternatives for
mysql-client/mysql-server. Closes: #732909.
* Bump Standards-Version.
-- Vincent Bernat <email address hidden> Mon, 20 Jan 2014 20:01:25 +0100
Available diffs
- diff from 0.9.5-3git1 (in Ubuntu) to 0.9.5-4 (737 bytes)
| Superseded in wheezy-release |
roundcube (0.7.2-9+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add CVE-2013-6172.patch patch.
CVE-2013-6172: An attacker can overwrite configuration settings
using user preferences. This can result in random file access,
manipulated SQL queries and even code execution. (Closes: #727668)
-- Salvatore Bonaccorso <email address hidden> Sat, 26 Oct 2013 00:24:14 +0200
roundcube (0.9.5-3) unstable; urgency=low
* Remove jquery-ui symlinks in preinst to avoid jquery-ui files to be
modified. Thanks Andreas Beckman for raising the issue.
Closes: #731499.
-- Vincent Bernat <email address hidden> Fri, 06 Dec 2013 08:21:34 +0100
Available diffs
- diff from 0.9.5-2 to 0.9.5-3 (576 bytes)
roundcube (0.9.5-2) unstable; urgency=low
* Add Polish debconf translation, thanks to Magdalena Zofia Kubot
(Closes: #728929).
* Use embedded jquery-ui has it contains some modifications.
Closes: #719781.
-- Vincent Bernat <email address hidden> Sun, 01 Dec 2013 13:19:15 +0100
Available diffs
- diff from 0.9.5-1 to 0.9.5-2 (2.5 KiB)
roundcube (0.9.5-1) unstable; urgency=low * Acknowledge NMU from Salvatore. Thanks! * New upstream release. Drop CVE patch since this is fixed upstream. -- Vincent Bernat <email address hidden> Thu, 31 Oct 2013 22:33:51 +0100
Available diffs
- diff from 0.9.4-1 to 0.9.5-1 (57.6 KiB)
roundcube (0.9.4-1) unstable; urgency=low
* New upstream version.
+ Fix CVE-2013-5645 (Closes: #721592)
+ "Enigma" plugin has been removed.
-- Vincent Bernat <email address hidden> Sun, 08 Sep 2013 13:52:46 +0200
Available diffs
- diff from 0.9.2-2 to 0.9.4-1 (129.1 KiB)
roundcube (0.9.2-2) unstable; urgency=low
* Depends on php5-sqlite instead of php5-sqlite3. Closes: #714727.
* Add a patch to map "sqlite3" driver to "sqlite".
* Breaks/replaces older versions of roundcube-plugins-extra (zipdownload
plugin is now part of roundcube-plugins). Closes: #714135.
* Downgrade php5-gd and php5-pspell to Recommends. Closes: #714448.
* Depends on libapache2-mod-php5 | php5 to allow support of PHP FPM.
-- Vincent Bernat <email address hidden> Wed, 31 Jul 2013 21:12:05 +0200
Available diffs
- diff from 0.7.2-9 to 0.9.2-2 (3.1 MiB)
- diff from 0.9.2-1 to 0.9.2-2 (1.8 KiB)
roundcube (0.9.2-1) unstable; urgency=low * New upstream version. -- Vincent Bernat <email address hidden> Sat, 22 Jun 2013 20:41:48 +0200
| Deleted in experimental-release (Reason: None provided.) |
roundcube (0.8.6-1) experimental; urgency=low * New upstream version. Closes: #684769. -- Vincent Bernat <email address hidden> Sun, 14 Apr 2013 11:21:32 +0200
roundcube (0.7.2-9) unstable; urgency=high
* Fix a vulnerability allowing logged users to override any variable
which may be used to steal credentials of other users or read
arbitrary files.
-- Vincent Bernat <email address hidden> Wed, 27 Mar 2013 22:01:25 +0100
Available diffs
- diff from 0.7.2-6 to 0.7.2-9 (2.6 KiB)
roundcube (0.7.2-8) unstable; urgency=low
* In roundcube-core postinst, set appropriate rights on directory
created when fixing symlinks.
-- Vincent Bernat <email address hidden> Thu, 21 Mar 2013 22:47:33 +0100
roundcube (0.7.2-7) unstable; urgency=low
* Fix dependencies to postgresql and postgresql-client. Closes: #699604.
* Drop roundcube-sqlite transition package since we don't provide an
automatic upgrade path. The user will have to remove the package by
herself. Move the related NEWS entry from roundcube-sqlite to
roundcube-core and explain how to continue upgrade. Closes: #688634.
-- Vincent Bernat <email address hidden> Sat, 16 Mar 2013 17:26:20 +0100
roundcube (0.7.2-6) unstable; urgency=low
* Fix the symlink mess in postinst when upgrading from 0.5 to a more
recent version. Closes: #680917, #656886.
-- Vincent Bernat <email address hidden> Sat, 10 Nov 2012 13:51:17 +0100
Available diffs
- diff from 0.7.2-5 to 0.7.2-6 (1.4 KiB)
roundcube (0.7.2-5) unstable; urgency=low
* Fix problem with some uuencoded attachments. Patch from Michał
Mirosław. Closes: #686857.
* Don't handle old configuration files from legacy roundcube
package. roundcube package is an empty metapackage since
Squeeze. Closes: #688230.
-- Vincent Bernat <email address hidden> Sat, 29 Sep 2012 11:39:07 +0200
Available diffs
- diff from 0.7.2-4 to 0.7.2-5 (3.8 KiB)
roundcube (0.7.2-4) unstable; urgency=high * Fix self XSS with plain signatures. CVE-2012-3508. Closes: #685475. -- Vincent Bernat <email address hidden> Sun, 26 Aug 2012 14:20:24 +0200
Available diffs
- diff from 0.7.2-3 to 0.7.2-4 (2.0 KiB)
roundcube (0.7.2-3) unstable; urgency=low
* Remove old Replaces/Breaks for roundcube-core since it is not needed
since Squeeze.
* Add back roundcube-sqlite package as a transitional package, thanks to
a suggestion by Andreas Beckmann. This enables one to upgrade from
Squeeze. Closes: #677803.
* Move the actual NEWS entry about dropping SQLite to the transitional
package. And be more verbose about it.
-- Vincent Bernat <email address hidden> Sat, 23 Jun 2012 19:52:33 +0200
Available diffs
- diff from 0.7.2-2 to 0.7.2-3 (1.6 KiB)
roundcube (0.7.2-2) unstable; urgency=low * Rotate /var/log/roundcube/session. Closes: #671472. * Fix rights of files generated by UCF. Closes: #671474. * Update Slovak debconf translation, thanks to Ivan Masár (Closes: #677907). -- Vincent Bernat <email address hidden> Tue, 19 Jun 2012 08:30:20 +0200
Available diffs
- diff from 0.7.2-1 to 0.7.2-2 (1.3 KiB)
roundcube (0.7.2-1) unstable; urgency=low * New upstream version. * Bump Standards-Version. No changes required. * Depends on php-mail-mime (>= 1.8.2). Closes: #656243. -- Vincent Bernat <email address hidden> Sat, 28 Apr 2012 10:29:15 +0200
Available diffs
- diff from 0.7.1-2 to 0.7.2-1 (61.6 KiB)
roundcube (0.7.1-2) unstable; urgency=high
* Remove roundcube-sqlite package since php5 package does not ship
SQLite 2.x support anymore. Roundcube is incompatible with SQLite 3.x.
Closes: #657092.
* Urgency set to high for php5 migration into testing.
-- Vincent Bernat <email address hidden> Tue, 07 Feb 2012 17:37:52 +0100
Available diffs
- diff from 0.6+dfsg-1 (in Ubuntu) to 0.7.1-2 (418.6 KiB)
roundcube (0.7.1-1) unstable; urgency=low
* New upstream version. Closes: #656093.
* Add Dutch debconf translation, thanks to Jeroen Schot.
Closes: #656082.
-- Vincent Bernat <email address hidden> Tue, 17 Jan 2012 08:57:11 +0100
roundcube (0.7-3) unstable; urgency=low
* Ship jqueryui plugin. Closes: #653274.
+ Depend on libjs-jquery-ui package (instead of builtin copy).
+ Conflict with versions of roundcube-plugins-extra providing this
plugin.
* More SQL fixes on update. Closes: #654297.
-- Vincent Bernat <email address hidden> Mon, 02 Jan 2012 21:45:42 +0100
roundcube (0.7-2) unstable; urgency=low * Fix SQLite upgrade file. Closes: #653217. * Also fixes MySQL upgrade file and SQLite regular file. -- Vincent Bernat <email address hidden> Sun, 25 Dec 2011 16:14:04 +0100
roundcube (0.7-1) unstable; urgency=low
* New upstream version. Closes: #652564.
+ Does not ship SWF with TinyMCE anymore.
-- Vincent Bernat <email address hidden> Fri, 23 Dec 2011 22:04:39 +0100
roundcube (0.6+dfsg-1) unstable; urgency=low
* New upstream version. Closes: #643707.
+ Repack to remove SWF file without source from TinyMCE.
+ Add SQL upgrade procedures.
+ Add new plugins: acl, enigma and newmail_notifier.
+ Update jQuery dependency to jQuery 1.6.4.
-- Vincent Bernat <email address hidden> Sun, 02 Oct 2011 15:20:57 +0200
roundcube (0.5.4+dfsg-1) unstable; urgency=high
[ Vincent Bernat ]
* New upstream version.
+ Fix XSS vulnerability in UI messages (Closes: #641996).
* Switch to Git for version control thanks to Jérémy
Bobbio. debian/control updated.
* Ship INSTALL. Closes: #633698.
[ Jérémy Bobbio ]
* Re-add 'password' plugin to roundcube-plugins.
-- Vincent Bernat <email address hidden> Wed, 13 Jul 2011 08:33:01 +0200
roundcube (0.5.3+dfsg-1) unstable; urgency=low * New upstream release. + Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (Closes: #628553). -- Vincent Bernat <email address hidden> Fri, 10 Jun 2011 22:48:57 +0200
roundcube (0.5.2+dfsg-1) unstable; urgency=low * New upstream release * Update logrotate configuration. Closes: #619410. * Make debian-db.php owned by root. This really closes: #608976. * Bump Standards-Version. No changes required. -- Vincent Bernat <email address hidden> Sun, 24 Apr 2011 00:35:34 +0200
roundcube (0.5.1+dfsg-7) unstable; urgency=low * Make dbconfig-common use sqlite by default to ensure that the package can be configured non-interactively in most cases. Closes: #617754. -- Vincent Bernat <email address hidden> Fri, 11 Mar 2011 09:08:32 +0100
| Superseded in sid-release |
roundcube (0.5.1+dfsg-6) unstable; urgency=low * Handle incorrect upgrade from 0.3.1-6 when "changed" column already exists for table "identities". Closes: #617312. -- Vincent Bernat <email address hidden> Tue, 08 Mar 2011 07:37:56 +0100
| Superseded in sid-release |
roundcube (0.5.1+dfsg-5) unstable; urgency=low * Don't use awk. Use plain shell to modify main.inc.php. Closes: #616074. -- Vincent Bernat <email address hidden> Fri, 04 Mar 2011 20:46:57 +0100
| Superseded in sid-release |
roundcube (0.5.1+dfsg-4) unstable; urgency=low * Fix debian/watch to remove "+dfsg" suffix. * Use awk instead of sed to modify main.inc.php. Closes: #615277. -- Vincent Bernat <email address hidden> Tue, 01 Mar 2011 19:59:00 +0100
roundcube (0.5.1+dfsg-3) unstable; urgency=low * Install show_additional_headers plugin in roundcube-plugins package. * Use dbconfig-common to force some upgrade commands using some ugly hacks. This should fix any remaining problems with MySQL upgrade. Closes: #613586. -- Vincent Bernat <email address hidden> Fri, 18 Feb 2011 22:04:12 +0100
| Superseded in sid-release |
roundcube (0.5.1+dfsg-2) unstable; urgency=low * Remove all "ADD INDEX" from MySQL 0.5-1 upgrade file and put them in postinst script. If you have a problem during the upgrade, please, let me know. This upload is only done to prevent users who did not upgrade to 0.5 yet to have a problem during their upgrade. If you already upgraded to 0.5 and if the upgrade failed (or if some feature are missing like identities management), please look at bug #613586. -- Vincent Bernat <email address hidden> Wed, 16 Feb 2011 20:54:48 +0100
| Superseded in sid-release |
roundcube (0.5.1+dfsg-1) unstable; urgency=low * Add plugins. Closes: #550454. * Rewrite (and update) of debian/copyright. * Use of yui-compressor to re-minify Javascript files. * Drop correct-magic-path.patch: libmagic1 now provides a symlink to the correct location since 4.24-4. * Repack orig.tar.gz to remove swf file shipped with TinyMCE with no sources available. -- Vincent Bernat <email address hidden> Mon, 14 Feb 2011 22:33:51 +0100
roundcube (0.5.1-1) unstable; urgency=low * New upstream version. Some bugs are corrected in this release or in a previous release: + when switching to HTML mode, content type is now correctly set. Closes: #611321. + header delimiters handling has been fixed in 0.5. Closes: #603489. * Don't assign "skins" directory to www-data. Closes: #612552. * Add instructions on how to install and upgrade when not using dbconfig-common. We do not ship UPGRADING file any more since it is misleading. Closes: #612511. * Fix MySQL indexes if upgrading from 0.5-2 or lesser. Closes: #610725. * Rework how symlinks work. The only directory to use is /var/lib/roundcube. We use symlink from /usr/share/roundcube to /var/lib/roundcube and not the other way. Moreover, plugins and skins are also symlinked. A user should be able to add plugins and skins in /var/lib/roundcube while default ones are in /usr/share/roundcube. Closes: #612553. -- Vincent Bernat <email address hidden> Wed, 09 Feb 2011 07:32:42 +0100
| Deleted in experimental-release (Reason: None provided.) |
roundcube (0.5-2) experimental; urgency=low * If 0.3.1 was installed from scratch, upgrade does not work on MySQL and PostgreSQL because we try to create an index which already exists. With SQLite, the error is ignored, no fix needed. When using PostgreSQL, fix this by dropping the index if it already exists. Nothing similar seems to exist with MySQL. Therefore, just don't create the index. We need to handle this later. See bug #610725. Not closing. -- Vincent Bernat <email address hidden> Fri, 21 Jan 2011 21:44:05 +0100
| Superseded in experimental-release |
roundcube (0.5-1) experimental; urgency=low * New upstream release. Closes: #592312. + Drop patches included upstream (DNS prefetching, jQuery 1.4 handling, email address validation, duplicate headers, incorrectly formatted received headers). Adapt other patches. One of the patch now correctly states to use dpkg-reconfigure roundcube-core. Closes: #608977. + Update SQL commands to use to upgrade database. That also closes: #602922. Unfortunately, the user may get some harmless error messages because there is no way to know if 0.3.1 was installed from scratch or upgraded from 0.3. + Update dependencies to match INSTALL file. Only exception is the use of Mail_Mime 1.8.0 in place of 1.8.1 which is not available in Debian. We depends on jQuery 1.4.2 because 1.4.4 is not available in Debian. + All folders are correctly checked since 0.4. Closes: #552430. + Also, closes: #553194 since it seems to have been fixed too. + There is also the possibility to not top-quote since 0.4. Closes: #491063. + Closes: #602144. Also fixed. * Move .htaccess to /etc/roundcube and use a symlink (Closes: #591369). * Don't let www-data overwrite debian-db.php. Closes: #608976. * Bump Standards-Version. No changes required. -- Vincent Bernat <email address hidden> Sat, 15 Jan 2011 12:40:27 +0100
roundcube (0.3.1-6) unstable; urgency=low
* Update Arabic debconf translation, thanks to Ossama Khayat.
Closes: #596181.
* Update Portuguese debconf translation, thanks to Christian Perrier.
Closes: #599575.
* Add a patch to avoid duplicate boundaries in headers when adding an
attachment. Closes: #599586.
-- Vincent Bernat <email address hidden> Mon, 18 Oct 2010 23:14:37 +0200
roundcube (0.3.1-5) unstable; urgency=low
* Depends on php-mail-mime 1.7.0 or more recent to handle correctly
'mime_param_folding' directive. Closes: #588295.
* Add Danish debconf translation, thanks to Joe Dalton.
Closes: #593271.
* Add a patch to fix Received header to behave better with Spam
Assassin. Closes: #595204.
-- Vincent Bernat <email address hidden> Thu, 02 Sep 2010 07:54:58 +0200
roundcube (0.3.1-4) unstable; urgency=low
* Update README.Debian to state that the variable to modify is
'htmleditor' instead of 'enable_htmleditor'. Thanks to Hans
Spaans. Closes: #575556.
* Add Brazilian Portuguese debconf translation, thanks to Eder
L. Marques. Closes: #581745.
* Switch default encoding to UTF-8 instead of ISO-8859-1.
Closes: #588084.
* Add more explanations on how to install roundcube in a Debian system
in README.Debian. Closes: #584458, #582894.
* Bump Standards-Version. No changes required.
* Switch to 3.0 (quilt) format.
* Use Breaks instead of Conflicts to move files from older roundcube
installations.
-- Vincent Bernat <email address hidden> Sat, 17 Jul 2010 17:23:30 +0200
roundcube (0.3.1-3) unstable; urgency=high
* RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
possible. We respect this by dropping limitation of the local-part of
an email address. Closes: #568360, #568537.
* Suggests php-auth-sasl to enable use of SASL mechanisms for mail
servers. Closes: #567550.
* Disable DNS prefetching to avoid information leakage through links
embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
* Bump Standards-Version. No changes required.
-- Vincent Bernat <email address hidden> Sat, 13 Feb 2010 10:21:49 +0100
roundcube (0.3.1-2) unstable; urgency=low
* Fix VCS links in debian/control, thanks to Torsten Landschoff. Closes: #555900.
* Really ship NEWS.Debian.
* Add changesets 3170 and 3202 from upstream to handle gracefully jQuery
1.4. Thanks to Volker Gropp for the report. Closes: #565715.
-- Vincent Bernat <email address hidden> Mon, 18 Jan 2010 23:11:01 +0100
roundcube (0.3.1-1) unstable; urgency=low
* New upstream release.
* Add a notice in NEWS.Debian about php.ini options that should be set
to get Roundcube working properly. Closes: #549428, #552508.
-- Vincent Bernat <email address hidden> Sat, 07 Nov 2009 17:41:37 +0100
roundcube (0.3-2) unstable; urgency=low
* Really fix #544579 since the default value is null without
quotes. This really Closes: #544579.
* Enlarge login box to accommodate sk_SK locale. Closes: #542933.
-- Vincent Bernat <email address hidden> Sun, 27 Sep 2009 11:26:56 +0200
roundcube (0.2.2-1) unstable; urgency=low
* New upstream release
* Bump Standards-Version. No changes required.
* Remove *.js.src which are not needed at runtime.
* Don't send email contents to Google by default by using php5-pspell
instead. Thanks to Anand Kumria. Closes: #529563.
* Update debconf translations:
+ Basque, thanks to Piarres Beobide. Closes: #534282.
-- Vincent Bernat <email address hidden> Sun, 05 Jul 2009 09:53:17 +0200
roundcube (0.2.1-2) unstable; urgency=low
* Update debconf translations:
+ German, thanks to Helge Kreutzmann. Closes: #520004.
+ Japanese, thanks to Hideki Yamane. Closes: #520024.
+ Spanish, thanks to Francisco Javier. Closes: #526696.
+ Russian, thanks to Yuri Kozlov. Closes: #528796.
* Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
bugs. Closes: #519104, #519293. Remove not needed any more patch from
debian/patches/series. Keep it in debian/patches to help backports.
-- Vincent Bernat <email address hidden> Sat, 16 May 2009 15:30:17 +0200
roundcube (0.2.1-1) unstable; urgency=low
* New upstream release:
+ Fix use_packaged_tinymce.patch to apply to this new version
+ Remove cve-2009-0413.patch which has been applied upstream
-- Vincent Bernat <email address hidden> Sat, 14 Mar 2009 17:42:07 +0100
| Superseded in sid-release |
roundcube (0.2~stable-2) unstable; urgency=low
* Update debconf translations:
+ French, thanks to Christian Perrier. Closes: #515806.
+ Swedish, thanks to Martin Bagge. Closes: #516683.
* Drop virtual package roundcube-db and add dependencies on real package
instead: this way, we can have versioned dependencies on those to avoid
version mismatch between packages.
* Add a patch to not use a MDB2 feature not present in the Debian
package. Thanks to Grzegorz Sobański for the patch. Closes: #519104.
-- Vincent Bernat <email address hidden> Wed, 11 Mar 2009 18:49:32 +0100
| Superseded in sid-release |
roundcube (0.2~stable-1) unstable; urgency=low
* New upstream version. Closes: #503573, #504570.
+ Add SQL update scripts for this new release and for
0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
+ Remove patch for CVE-2008-5620 which is now fixed upstream.
+ Remove patch correcting a vulnerability in html2text.php.
+ Remove patch fixing login issue. This is fixed upstream.
+ Remove patch setting the default backend to db instead of mdb2:
this is not possible any more. We depend on php-mdb2 now.
+ Update patch to use packaged tinymce.
* Upload to unstable since Lenny is out.
* Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
* Remove hack to update a SQLite table for an upgrade from a quite old
version of roundcube.
* Fix pending l10n issues:
+ Update English debconf template. Closes: #473794.
+ Add Swedish translation thanks to Martin Bagge. Closes: #508752.
* Fix debian/copyright to make lintian happy.
-- Vincent Bernat <email address hidden> Sun, 15 Feb 2009 16:18:58 +0100
| Superseded in squeeze-release |
| Deleted in lenny-release (Reason: None provided.) |
| Superseded in sid-release |
roundcube (0.1.1-10) unstable; urgency=high
* Fix a vulnerability in quota image generation. This fixes
CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
* Add description to all patches.
* Add missing ${misc:Depends} to debian/control.
* Add missing dependency on php5-gd, used for quota bar.
-- Vincent Bernat <email address hidden> Tue, 23 Dec 2008 20:52:39 +0100
roundcube (0.1.1-9) unstable; urgency=high
* Fix a vulnerability in preg_replace() use. Thanks to Andreas
Henriksson for the report. Closes: #508628.
-- Vincent Bernat <email address hidden> Sat, 13 Dec 2008 14:04:57 +0100
roundcube (0.1.1-8) unstable; urgency=low
[ Vincent Bernat ]
* Backport some changes from experimental version:
+ Versioned roundcube-core dependency for roundcube
+ Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
+ Ship a bug/control file to have all bugs submitted against roundcube
metapackage
+ Fix debian/roundcube-core.cron.daily to use
/etc/default/roundcube-core instead of /etc/default/roundcube which
should not exist any more
+ Do not prepend path to lighty util in postinst and postrm, as per
Policy Manual section 6.1
+ Adapt descriptions of roundcube-database packages to refer them as
metapackages instead of virtual package (Closes: #495434).
[ Romain Beauxis ]
* Changed versioned dependency of rouncube from binary:Version to
source:Version since these are all architecture independent packages.
-- Romain Beauxis <email address hidden> Wed, 20 Aug 2008 01:25:30 +0200
| 76 → 150 of 150 results | First • Previous • Next • Last |
