1 roundcube (0.5~rc-1) UNRELEASED; urgency=low
3 * New upstream release. Closes: #592312.
4 + Drop patches included upstream (DNS prefetching, jQuery 1.4
5 handling, email address validation, duplicate headers, incorrectly
6 formatted received headers). Adapt other patches.
7 + Update SQL commands to use to upgrade database.
8 That also closes: #602922.
9 + Update dependencies to match INSTALL file. Only exception is the
10 use of Mail_Mime 1.8.0 in place of 1.8.1 which is not available in
11 Debian. We depends on jQuery 1.4.2 because 1.4.4 is not available in
13 * Move .htaccess to /etc/roundcube and use a symlink (Closes: #591369).
15 -- Vincent Bernat <bernat@debian.org> Sat, 08 Jan 2011 15:15:56 +0100
17 roundcube (0.3.1-6) unstable; urgency=low
19 * Update Arabic debconf translation, thanks to Ossama Khayat.
21 * Update Portuguese debconf translation, thanks to Christian Perrier.
23 * Add a patch to avoid duplicate boundaries in headers when adding an
24 attachment. Closes: #599586.
26 -- Vincent Bernat <bernat@debian.org> Mon, 18 Oct 2010 23:14:37 +0200
28 roundcube (0.3.1-5) unstable; urgency=low
30 * Depends on php-mail-mime 1.7.0 or more recent to handle correctly
31 'mime_param_folding' directive. Closes: #588295.
32 * Add Danish debconf translation, thanks to Joe Dalton.
34 * Add a patch to fix Received header to behave better with Spam
35 Assassin. Closes: #595204.
37 -- Vincent Bernat <bernat@debian.org> Thu, 02 Sep 2010 07:54:58 +0200
39 roundcube (0.3.1-4) unstable; urgency=low
41 * Update README.Debian to state that the variable to modify is
42 'htmleditor' instead of 'enable_htmleditor'. Thanks to Hans
43 Spaans. Closes: #575556.
44 * Add Brazilian Portuguese debconf translation, thanks to Eder
45 L. Marques. Closes: #581745.
46 * Switch default encoding to UTF-8 instead of ISO-8859-1.
48 * Add more explanations on how to install roundcube in a Debian system
49 in README.Debian. Closes: #584458, #582894.
50 * Bump Standards-Version. No changes required.
51 * Switch to 3.0 (quilt) format.
52 * Use Breaks instead of Conflicts to move files from older roundcube
55 -- Vincent Bernat <bernat@debian.org> Sat, 17 Jul 2010 17:23:30 +0200
57 roundcube (0.3.1-3) unstable; urgency=high
59 * RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
60 possible. We respect this by dropping limitation of the local-part of
61 an email address. Closes: #568360, #568537.
62 * Suggests php-auth-sasl to enable use of SASL mechanisms for mail
63 servers. Closes: #567550.
64 * Disable DNS prefetching to avoid information leakage through links
65 embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
66 * Bump Standards-Version. No changes required.
68 -- Vincent Bernat <bernat@debian.org> Sat, 13 Feb 2010 10:21:49 +0100
70 roundcube (0.3.1-2) unstable; urgency=low
72 * Fix VCS links in debian/control, thanks to Torsten Landschoff.
74 * Really ship NEWS.Debian.
75 * Add changesets 3170 and 3202 from upstream to handle gracefully jQuery
76 1.4. Thanks to Volker Gropp for the report. Closes: #565715.
78 -- Vincent Bernat <bernat@debian.org> Mon, 18 Jan 2010 23:11:01 +0100
80 roundcube (0.3.1-1) unstable; urgency=low
82 * New upstream release.
83 * Add a notice in NEWS.Debian about php.ini options that should be set
84 to get Roundcube working properly. Closes: #549428, #552508.
86 -- Vincent Bernat <bernat@debian.org> Sat, 07 Nov 2009 17:41:37 +0100
88 roundcube (0.3-2) unstable; urgency=low
90 * Really fix #544579 since the default value is null without
91 quotes. This really Closes: #544579.
92 * Enlarge login box to accommodate sk_SK locale. Closes: #542933.
94 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:26:56 +0200
96 roundcube (0.3-1) unstable; urgency=low
98 * New upstream release. Closes: #545498.
99 * Update debconf translations:
100 + Italian, thanks to Luca Monducci. Closes: #544199.
101 + Czech, thanks to Miroslav Kure. Closes: #546413.
102 * Roundcube configuration now uses 'language' instead of 'locale_string'
103 to specify the default language. Update postinst to reflect this
104 change. Thanks to Richard van den Berg for noticing this. Closes: #544579.
105 * Depends on libjs-jquery (>= 1.3) since this is now used by roundcube.
106 * Don't ship any plugins for now but ship an empty plugins directory.
107 * Ship main .htaccess since it is needed to setup correctly PHP (for
108 example, to disable PHP Suhosin cookie encryption).
109 * Bump Standards-Version. No changes required.
111 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:00:30 +0200
113 roundcube (0.2.2-1) unstable; urgency=low
115 * New upstream release
116 * Bump Standards-Version. No changes required.
117 * Remove *.js.src which are not needed at runtime.
118 * Don't send email contents to Google by default by using php5-pspell
119 instead. Thanks to Anand Kumria. Closes: #529563.
120 * Update debconf translations:
121 + Basque, thanks to Piarres Beobide. Closes: #534282.
123 -- Vincent Bernat <bernat@debian.org> Sun, 05 Jul 2009 09:53:17 +0200
125 roundcube (0.2.1-2) unstable; urgency=low
127 * Update debconf translations:
128 + German, thanks to Helge Kreutzmann. Closes: #520004.
129 + Japanese, thanks to Hideki Yamane. Closes: #520024.
130 + Spanish, thanks to Francisco Javier. Closes: #526696.
131 + Russian, thanks to Yuri Kozlov. Closes: #528796.
132 * Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
133 bugs. Closes: #519104, #519293. Remove not needed any more patch from
134 debian/patches/series. Keep it in debian/patches to help backports.
136 -- Vincent Bernat <bernat@debian.org> Sat, 16 May 2009 15:30:17 +0200
138 roundcube (0.2.1-1) unstable; urgency=low
140 * New upstream release:
141 + Fix use_packaged_tinymce.patch to apply to this new version
142 + Remove cve-2009-0413.patch which has been applied upstream
144 -- Vincent Bernat <bernat@debian.org> Sat, 14 Mar 2009 17:42:07 +0100
146 roundcube (0.2~stable-2) unstable; urgency=low
148 * Update debconf translations:
149 + French, thanks to Christian Perrier. Closes: #515806.
150 + Swedish, thanks to Martin Bagge. Closes: #516683.
151 * Drop virtual package roundcube-db and add dependencies on real package
152 instead: this way, we can have versioned dependencies on those to avoid
153 version mismatch between packages.
154 * Add a patch to not use a MDB2 feature not present in the Debian
155 package. Thanks to Grzegorz Sobański for the patch. Closes: #519104.
157 -- Vincent Bernat <bernat@debian.org> Wed, 11 Mar 2009 18:49:32 +0100
159 roundcube (0.2~stable-1) unstable; urgency=low
161 * New upstream version. Closes: #503573, #504570.
162 + Add SQL update scripts for this new release and for
163 0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
164 + Remove patch for CVE-2008-5620 which is now fixed upstream.
165 + Remove patch correcting a vulnerability in html2text.php.
166 + Remove patch fixing login issue. This is fixed upstream.
167 + Remove patch setting the default backend to db instead of mdb2:
168 this is not possible any more. We depend on php-mdb2 now.
169 + Update patch to use packaged tinymce.
170 * Upload to unstable since Lenny is out.
171 * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
172 * Remove hack to update a SQLite table for an upgrade from a quite old
173 version of roundcube.
174 * Fix pending l10n issues:
175 + Update English debconf template. Closes: #473794.
176 + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
177 * Fix debian/copyright to make lintian happy.
179 -- Vincent Bernat <bernat@debian.org> Sun, 15 Feb 2009 16:18:58 +0100
181 roundcube (0.2~alpha-4) experimental; urgency=low
183 * Add missing ${misc:Depends} to make Lintian happy.
184 * Add description to each patch.
185 * Execute cron job only if the directory to clean exists.
186 * Reload web server configuration instead of restart, thanks to a patch
187 from Tiago Bortoletto Vaz. Closes: #508633.
188 * Fix a vulnerability in quota image generation. This fixes
189 CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
190 * Add missing dependency on php5-gd, used for quota bar.
191 * For roundcube-pgsql, depends on postgresql-client only. This package
192 is provided by the currently supported real package.
194 -- Vincent Bernat <bernat@debian.org> Thu, 25 Dec 2008 11:38:13 +0100
196 roundcube (0.2~alpha-3) experimental; urgency=high
199 * Fix a vulnerability in the use of preg_replace (Closes: #508628).
200 * Adapt descriptions of roundcube-database packages to refer them as
201 metapackages instead of virtual package (Closes: #495434).
202 * Add robots.txt from upstream, even if in some configuration, it will
203 not be considered (Closes: #499108).
204 * Do not ship .htaccess files. Restrictions are set in Apache or
205 Lighttpd configuration files (Closes: #500202).
208 * Changed versioned dependency of rouncube from binary:Version to
209 source:Version since these are all architecture independent packages.
211 -- Vincent Bernat <bernat@debian.org> Sat, 13 Dec 2008 14:36:02 +0100
213 roundcube (0.2~alpha-2) experimental; urgency=low
216 * Fix lintian warnings introduced by previous upload
217 * Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
218 * Do not prepend path to lighty util in postinst and postrm, as per
219 Policy Manual section 6.1
220 * Ship a bug/control file to have all bugs submitted against roundcube
222 * Fix debian/roundcube-core.cron.daily to use
223 /etc/default/roundcube-core instead of /etc/default/roundcube which
224 should not exist any more
227 * Versioned roundcube-core dependency for roundcube
229 -- Vincent Bernat <bernat@debian.org> Sat, 16 Aug 2008 13:22:08 +0200
231 roundcube (0.2~alpha-1) experimental; urgency=low
233 * New upstream release
234 * Update debian/watch file to correctly consider those new releases
235 * Remove the following patches:
236 + messageid-headers-ordering
238 + disable-tinymce-spellchecker
239 * Update the following patches:
240 + correct_install_path
241 + use_packaged_tinymce
242 * Add a new patch to fix a login problem
243 * Depends on tinymce >= 3
245 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 14:10:44 +0200
247 roundcube (0.1.1-7) unstable; urgency=low
249 * Another fix for incorrect tinymce path. This should be the last one!
251 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:36:59 +0200
253 roundcube (0.1.1-6) unstable; urgency=low
255 * Fix use_packaged_tinymce patch which was incorrect after switch to
258 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:19:16 +0200
260 roundcube (0.1.1-5) unstable; urgency=low
262 * Fix ordering of message-id in message headers, thanks to Reinhard
263 Tartler (Closes: #486493)
264 * Update Standards-Version to 3.8.0
266 -- Vincent Bernat <bernat@debian.org> Tue, 17 Jun 2008 00:33:40 +0200
268 roundcube (0.1.1-4) unstable; urgency=low
270 * Add Slovak debconf translation, thanks to Ivan Masár (Closes: #481376)
271 * Fix debian/copyright:
272 + RoundCube is GPL-2 licensed, not GPL-2+
273 + Add an explanation on the BSD license present at the top of
274 index.php (Closes: #477119)
275 * We do not support tinymce 3, yet. Depends on tinymce2 | tinymce (<<
276 3). Closes: #481145, #483053, #482295
278 -- Vincent Bernat <bernat@debian.org> Tue, 20 May 2008 20:51:52 +0200
280 roundcube (0.1.1-3) unstable; urgency=low
282 * Fix an error introduced when fixing bug #476803. Thanks to Micah
283 Anderson for spotting it (Closes: #479775).
284 * Avoid to pop language question at every upgrade. Thanks to Ivan Vucica
285 for spotting this. The problem lied in the use of db_metaget to get
286 the value of a key set by db_subst in a previous invocation. It seems
287 this is not possible any more (Closes: #480043). The fix implies that
288 we won't ask the question again if more languages are available since
291 -- Vincent Bernat <bernat@debian.org> Thu, 08 May 2008 09:50:24 +0200
293 roundcube (0.1.1-2) unstable; urgency=low
295 * Comment by default Alias directive for tinymce in Apache configuration
296 file (Closes: #476162).
297 * Allow to preseed language value (Closes: #476803).
299 -- Vincent Bernat <bernat@luffy.cx> Sat, 19 Apr 2008 16:50:28 +0200
301 roundcube (0.1.1-1) unstable; urgency=low
303 * New upstream release
304 - Copy old SQL upgrade scripts into debian/sql to allow upgrade from
305 versions older than 0.1
306 - Patch new MySQL upgrade script to fix a typo
307 * Debconf translation updates:
308 - Spanish. Closes: #473788
309 * Depends on php-mail-mime (>= 1.5.0) and drop compatibility patch
310 * Install upstream changelog in /usr/share/doc/roundcube*
312 -- Vincent Bernat <bernat@luffy.cx> Sat, 05 Apr 2008 18:16:33 +0200
314 roundcube (0.1-4) unstable; urgency=low
316 * Debconf translation updates:
317 - French. Closes: #469802
318 - Russian. Closes: #469847
319 - Galician. Closes: #469866
320 - German. Closes: #469875
321 - Finnish. Closes: #469922
322 - Italian. Closes: #469987
323 - Czech. Closes: #470150
324 - Portuguese. Closes: #470156
325 - Spanish. Closes: #470732
326 - Basque. Closes: #470871
327 - Arabic. Closes: #471470
329 -- Vincent Bernat <bernat@luffy.cx> Sat, 08 Mar 2008 11:15:00 +0100
331 roundcube (0.1-3) unstable; urgency=low
333 * Fix problem with too old php-mail-mime package (Closes: #469814)
335 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 11:06:49 +0100
337 roundcube (0.1-2) unstable; urgency=low
339 * Ship bin/ directory as well. This fix conversion from HTML to text in
341 * Disable spellchecker for tinymce since it is not shipped with Debian
344 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 09:42:39 +0100
346 roundcube (0.1-1) unstable; urgency=low
348 * New upstream release (Closes: #469487).
349 - This release seems to fix failure to set some fields when replying,
350 with bincimap as IMAP server (Closes: #443562)
351 - It also fixes the deletion of multiple messages, still with
352 bincimap (Closes: #451404)
353 * Remove 'ob_gzhandler.patch' and 'xss-fix.patch'. They have been
355 * Upstream has switched to MDB2 database backend which is not packaged
356 in Debian yet. We switch back to old backend.
357 * Fix debian/watch to handle correctly detection of new versions.
358 * Add support for lighttpd and remove support for older version of
359 Apache. The debconf question about webserver autoconfiguration is
360 reworded (Closes: #462961).
361 * Do not depend on a specific revision of cdbs.
362 * Move po-debconf from Build-Depends-Indep to Build-Depends since it is
363 needed for clean target.
364 * Correct path to /usr/share/file/magic, provided by libmagic1. Provide
365 license information about this file in debian/copyright.
367 -- Vincent Bernat <bernat@luffy.cx> Wed, 05 Mar 2008 20:49:03 +0100
369 roundcube (0.1~rc2-6) unstable; urgency=high
371 * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
372 thanks to Micah Anderson (Closes: #455840). The patch is from
373 http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
374 provided by Robin Elfrink. It has been modified with some functions
375 stolen from Squirrelmail.
376 * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
378 -- Vincent Bernat <bernat@luffy.cx> Sat, 29 Dec 2007 21:55:17 +0100
380 roundcube (0.1~rc2-5) unstable; urgency=low
382 * Deal with old /etc/logrotate.d/roundcube by removing it if left
383 untouched (Closes: #456546). Also deal with /etc/default/roundcube and
384 /etc/cron.daily/roundcube.
386 -- Vincent Bernat <bernat@luffy.cx> Tue, 18 Dec 2007 23:02:46 +0100
388 roundcube (0.1~rc2-4) unstable; urgency=low
390 * Thightened dependencies for a safe upgrade
391 * Finally removed any circular dependency, -db packages no longer pull
392 a full roundcube install
394 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:24:24 +0100
396 roundcube (0.1~rc2-3) unstable; urgency=low
399 * Bumped standard version to 3.7.3 (no changes)
401 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:19:28 +0100
403 roundcube (0.1~rc2-2) experimental; urgency=low
406 * Fix a conflict between ob_gzhandler and zlib output compression,
407 thanks to kaouete (Closes: #450482).
410 * Fix tinymce patch and inclusion
412 * Splitted virtual packages to avoid circular dependencies.
413 Uploading to experimental, as this is an important change and we may
416 -- Romain Beauxis <toots@rastageeks.org> Mon, 26 Nov 2007 11:54:21 +0100
418 roundcube (0.1~rc2-1) unstable; urgency=low
420 * New upstream, thanks to Nicolas Stransky (Closes: #447503). This
421 release support tinymce as HTML editor. Look at README.Debian for more
423 * Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943).
425 -- Vincent Bernat <bernat@luffy.cx> Mon, 29 Oct 2007 22:08:43 +0100
427 roundcube (0.1~rc1-3) unstable; urgency=low
429 * In respect to policy 12.3, do not put main.inc.php.dist in
430 /usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
431 * Update German and French debconf templates, thanks to Christian
432 Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532).
434 -- Vincent Bernat <bernat@luffy.cx> Sun, 14 Oct 2007 08:41:24 +0200
436 roundcube (0.1~rc1-2) unstable; urgency=low
438 * Fix dependencies by creating virtual packages for each database
439 backend, thanks to Joey Hess (Closes: #444925).
441 -- Vincent Bernat <bernat@luffy.cx> Tue, 02 Oct 2007 20:09:19 +0200
443 roundcube (0.1~rc1-1) unstable; urgency=low
445 * New upstream release
446 * Removed non gpl file des.inc
448 -- Romain Beauxis <toots@rastageeks.org> Tue, 24 Jul 2007 13:36:20 +0200
450 roundcube (0.1~rc1~dfsg-3) unstable; urgency=low
452 * Add php5-mcrypt dependency (Closes: #431177)
454 -- Vincent Bernat <bernat@luffy.cx> Sat, 30 Jun 2007 19:36:21 +0200
456 roundcube (0.1~rc1~dfsg-2) unstable; urgency=low
458 * Removed custom unix_timestamp for sqlite: solved upstream
459 * Debconf templates and debian/control reviewed by the debian-l10n-
460 english team as part of the Smith review project.
461 Closes: #426086, #427546, #427546
462 * Debconf translation updates:
463 - Galician. Closes: #426140
464 - Basque. Closes: #426150
465 - Czech. Closes: #426428
466 - Portuguese. Closes: #426451
467 - Arabic. Closes: #427110
468 - Italian. Closes: #427206
469 - German. Closes: #427536
470 - French. Closes: #427736
471 - Tamil. Closes: #428254
472 - Russian. Closes: #428364
473 - Spanish. Closes: #428573
475 -- Romain Beauxis <toots@rastageeks.org> Tue, 05 Jun 2007 15:22:36 +0200
477 roundcube (0.1~rc1~dfsg-1) unstable; urgency=low
480 * New upstream release
481 * Update script for sqlite in postinst
483 * Fixed dh_link calls
485 * Added custom patch to use php unix timestamp support
486 with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
487 * Dropped php4 dependencies
489 -- Vincent Bernat <bernat@luffy.cx> Sun, 20 May 2007 13:59:44 +0200
491 roundcube (0.1~beta2.2~dfsg-2) unstable; urgency=low
493 * Fix a security issue by disallowing access to logs.
494 * First upload to unstable.
496 -- Vincent Bernat <bernat@luffy.cx> Sat, 5 May 2007 00:23:40 +0200
498 roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low
500 * Initial release. (Closes: #333756, #344949)
502 -- Romain Beauxis <toots@rastageeks.org> Tue, 13 Mar 2007 13:28:05 +0100