+roundcube (0.2~stable-1) unstable; urgency=low
+
+ * New upstream version. Closes: #503573, #504570.
+ + Add SQL update scripts for this new release and for
+ 0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
+ + Remove patch for CVE-2008-5620 which is now fixed upstream.
+ + Remove patch correcting a vulnerability in html2text.php.
+ + Remove patch fixing login issue. This is fixed upstream.
+ + Remove patch setting the default backend to db instead of mdb2:
+ this is not possible any more. We depend on php-mdb2 now.
+ + Update patch to use packaged tinymce.
+ * Upload to unstable since Lenny is out.
+ * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
+ * Remove hack to update a SQLite table for an upgrade from a quite old
+ version of roundcube.
+ * Fix pending l10n issues:
+ + Update English debconf template. Closes: #473794.
+ + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 15 Feb 2009 16:18:58 +0100
+
+roundcube (0.2~alpha-4) experimental; urgency=low
+
+ * Add missing ${misc:Depends} to make Lintian happy.
+ * Add description to each patch.
+ * Execute cron job only if the directory to clean exists.
+ * Reload web server configuration instead of restart, thanks to a patch
+ from Tiago Bortoletto Vaz. Closes: #508633.
+ * Fix a vulnerability in quota image generation. This fixes
+ CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
+ * Add missing dependency on php5-gd, used for quota bar.
+ * For roundcube-pgsql, depends on postgresql-client only. This package
+ is provided by the currently supported real package.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 25 Dec 2008 11:38:13 +0100
+
+roundcube (0.2~alpha-3) experimental; urgency=high
+
+ [ Vincent Bernat ]
+ * Fix a vulnerability in the use of preg_replace (Closes: #508628).
+ * Adapt descriptions of roundcube-database packages to refer them as
+ metapackages instead of virtual package (Closes: #495434).
+ * Add robots.txt from upstream, even if in some configuration, it will
+ not be considered (Closes: #499108).
+ * Do not ship .htaccess files. Restrictions are set in Apache or
+ Lighttpd configuration files (Closes: #500202).
+
+ [ Romain Beauxis ]
+ * Changed versioned dependency of rouncube from binary:Version to
+ source:Version since these are all architecture independent packages.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 13 Dec 2008 14:36:02 +0100
+
+roundcube (0.2~alpha-2) experimental; urgency=low
+
+ [ Vincent Bernat ]
+ * Fix lintian warnings introduced by previous upload
+ * Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
+ * Do not prepend path to lighty util in postinst and postrm, as per
+ Policy Manual section 6.1
+ * Ship a bug/control file to have all bugs submitted against roundcube
+ metapackage
+ * Fix debian/roundcube-core.cron.daily to use
+ /etc/default/roundcube-core instead of /etc/default/roundcube which
+ should not exist any more
+
+ [ Romain Beauxis ]
+ * Versioned roundcube-core dependency for roundcube
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 16 Aug 2008 13:22:08 +0200
+
+roundcube (0.2~alpha-1) experimental; urgency=low
+
+ * New upstream release
+ * Update debian/watch file to correctly consider those new releases
+ * Remove the following patches:
+ + messageid-headers-ordering
+ + mysql-update-fix
+ + disable-tinymce-spellchecker
+ * Update the following patches:
+ + correct_install_path
+ + use_packaged_tinymce
+ * Add a new patch to fix a login problem
+ * Depends on tinymce >= 3
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 14:10:44 +0200
+
+roundcube (0.1.1-7) unstable; urgency=low
+
+ * Another fix for incorrect tinymce path. This should be the last one!
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:36:59 +0200
+
+roundcube (0.1.1-6) unstable; urgency=low
+
+ * Fix use_packaged_tinymce patch which was incorrect after switch to
+ tinymce2 package.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:19:16 +0200
+
+roundcube (0.1.1-5) unstable; urgency=low
+
+ * Fix ordering of message-id in message headers, thanks to Reinhard
+ Tartler (Closes: #486493)
+ * Update Standards-Version to 3.8.0
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 17 Jun 2008 00:33:40 +0200
+
+roundcube (0.1.1-4) unstable; urgency=low
+
+ * Add Slovak debconf translation, thanks to Ivan Masár (Closes: #481376)
+ * Fix debian/copyright:
+ + RoundCube is GPL-2 licensed, not GPL-2+
+ + Add an explanation on the BSD license present at the top of
+ index.php (Closes: #477119)
+ * We do not support tinymce 3, yet. Depends on tinymce2 | tinymce (<<
+ 3). Closes: #481145, #483053, #482295
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 20 May 2008 20:51:52 +0200
+
+roundcube (0.1.1-3) unstable; urgency=low
+
+ * Fix an error introduced when fixing bug #476803. Thanks to Micah
+ Anderson for spotting it (Closes: #479775).
+ * Avoid to pop language question at every upgrade. Thanks to Ivan Vucica
+ for spotting this. The problem lied in the use of db_metaget to get
+ the value of a key set by db_subst in a previous invocation. It seems
+ this is not possible any more (Closes: #480043). The fix implies that
+ we won't ask the question again if more languages are available since
+ last upgrade.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 08 May 2008 09:50:24 +0200
+
+roundcube (0.1.1-2) unstable; urgency=low
+
+ * Comment by default Alias directive for tinymce in Apache configuration
+ file (Closes: #476162).
+ * Allow to preseed language value (Closes: #476803).
+
+ -- Vincent Bernat <bernat@luffy.cx> Sat, 19 Apr 2008 16:50:28 +0200
+
+roundcube (0.1.1-1) unstable; urgency=low
+
+ * New upstream release
+ - Copy old SQL upgrade scripts into debian/sql to allow upgrade from
+ versions older than 0.1
+ - Patch new MySQL upgrade script to fix a typo
+ * Debconf translation updates:
+ - Spanish. Closes: #473788
+ * Depends on php-mail-mime (>= 1.5.0) and drop compatibility patch
+ * Install upstream changelog in /usr/share/doc/roundcube*
+
+ -- Vincent Bernat <bernat@luffy.cx> Sat, 05 Apr 2008 18:16:33 +0200
+
+roundcube (0.1-4) unstable; urgency=low
+
+ * Debconf translation updates:
+ - French. Closes: #469802
+ - Russian. Closes: #469847
+ - Galician. Closes: #469866
+ - German. Closes: #469875
+ - Finnish. Closes: #469922
+ - Italian. Closes: #469987
+ - Czech. Closes: #470150
+ - Portuguese. Closes: #470156
+ - Spanish. Closes: #470732
+ - Basque. Closes: #470871
+ - Arabic. Closes: #471470
+
+ -- Vincent Bernat <bernat@luffy.cx> Sat, 08 Mar 2008 11:15:00 +0100
+
+roundcube (0.1-3) unstable; urgency=low
+
+ * Fix problem with too old php-mail-mime package (Closes: #469814)
+
+ -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 11:06:49 +0100
+
+roundcube (0.1-2) unstable; urgency=low
+
+ * Ship bin/ directory as well. This fix conversion from HTML to text in
+ composition.
+ * Disable spellchecker for tinymce since it is not shipped with Debian
+ package of tinymce.
+
+ -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 09:42:39 +0100
+
+roundcube (0.1-1) unstable; urgency=low
+
+ * New upstream release (Closes: #469487).
+ - This release seems to fix failure to set some fields when replying,
+ with bincimap as IMAP server (Closes: #443562)
+ - It also fixes the deletion of multiple messages, still with
+ bincimap (Closes: #451404)
+ * Remove 'ob_gzhandler.patch' and 'xss-fix.patch'. They have been
+ merged upstream.
+ * Upstream has switched to MDB2 database backend which is not packaged
+ in Debian yet. We switch back to old backend.
+ * Fix debian/watch to handle correctly detection of new versions.
+ * Add support for lighttpd and remove support for older version of
+ Apache. The debconf question about webserver autoconfiguration is
+ reworded (Closes: #462961).
+ * Do not depend on a specific revision of cdbs.
+ * Move po-debconf from Build-Depends-Indep to Build-Depends since it is
+ needed for clean target.
+ * Correct path to /usr/share/file/magic, provided by libmagic1. Provide
+ license information about this file in debian/copyright.
+
+ -- Vincent Bernat <bernat@luffy.cx> Wed, 05 Mar 2008 20:49:03 +0100
+
roundcube (0.1~rc2-6) unstable; urgency=high
* Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
thanks to Micah Anderson (Closes: #455840). The patch is from
http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
- provided by Robin Elfrink.
+ provided by Robin Elfrink. It has been modified with some functions
+ stolen from Squirrelmail.
+ * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
- -- Vincent Bernat <bernat@luffy.cx> Fri, 28 Dec 2007 21:25:42 +0100
+ -- Vincent Bernat <bernat@luffy.cx> Sat, 29 Dec 2007 21:55:17 +0100
roundcube (0.1~rc2-5) unstable; urgency=low