1 roundcube (0.3.1-3) UNRELEASED; urgency=high
3 * RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
4 possible. We respect this by dropping limitation of the local-part of
5 an email address. Closes: #568360, #568537.
6 * Suggests php-auth-sasl to enable use of SASL mechanisms for mail
7 servers. Closes: #567550.
8 * Disable DNS prefetching to avoid information leakage through links
9 embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
11 -- Vincent Bernat <bernat@debian.org> Fri, 05 Feb 2010 19:50:51 +0100
13 roundcube (0.3.1-2) unstable; urgency=low
15 * Fix VCS links in debian/control, thanks to Torsten Landschoff.
17 * Really ship NEWS.Debian.
18 * Add changesets 3170 and 3202 from upstream to handle gracefully jQuery
19 1.4. Thanks to Volker Gropp for the report. Closes: #565715.
21 -- Vincent Bernat <bernat@debian.org> Mon, 18 Jan 2010 23:11:01 +0100
23 roundcube (0.3.1-1) unstable; urgency=low
25 * New upstream release.
26 * Add a notice in NEWS.Debian about php.ini options that should be set
27 to get Roundcube working properly. Closes: #549428, #552508.
29 -- Vincent Bernat <bernat@debian.org> Sat, 07 Nov 2009 17:41:37 +0100
31 roundcube (0.3-2) unstable; urgency=low
33 * Really fix #544579 since the default value is null without
34 quotes. This really Closes: #544579.
35 * Enlarge login box to accommodate sk_SK locale. Closes: #542933.
37 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:26:56 +0200
39 roundcube (0.3-1) unstable; urgency=low
41 * New upstream release. Closes: #545498.
42 * Update debconf translations:
43 + Italian, thanks to Luca Monducci. Closes: #544199.
44 + Czech, thanks to Miroslav Kure. Closes: #546413.
45 * Roundcube configuration now uses 'language' instead of 'locale_string'
46 to specify the default language. Update postinst to reflect this
47 change. Thanks to Richard van den Berg for noticing this. Closes: #544579.
48 * Depends on libjs-jquery (>= 1.3) since this is now used by roundcube.
49 * Don't ship any plugins for now but ship an empty plugins directory.
50 * Ship main .htaccess since it is needed to setup correctly PHP (for
51 example, to disable PHP Suhosin cookie encryption).
52 * Bump Standards-Version. No changes required.
54 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:00:30 +0200
56 roundcube (0.2.2-1) unstable; urgency=low
58 * New upstream release
59 * Bump Standards-Version. No changes required.
60 * Remove *.js.src which are not needed at runtime.
61 * Don't send email contents to Google by default by using php5-pspell
62 instead. Thanks to Anand Kumria. Closes: #529563.
63 * Update debconf translations:
64 + Basque, thanks to Piarres Beobide. Closes: #534282.
66 -- Vincent Bernat <bernat@debian.org> Sun, 05 Jul 2009 09:53:17 +0200
68 roundcube (0.2.1-2) unstable; urgency=low
70 * Update debconf translations:
71 + German, thanks to Helge Kreutzmann. Closes: #520004.
72 + Japanese, thanks to Hideki Yamane. Closes: #520024.
73 + Spanish, thanks to Francisco Javier. Closes: #526696.
74 + Russian, thanks to Yuri Kozlov. Closes: #528796.
75 * Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
76 bugs. Closes: #519104, #519293. Remove not needed any more patch from
77 debian/patches/series. Keep it in debian/patches to help backports.
79 -- Vincent Bernat <bernat@debian.org> Sat, 16 May 2009 15:30:17 +0200
81 roundcube (0.2.1-1) unstable; urgency=low
83 * New upstream release:
84 + Fix use_packaged_tinymce.patch to apply to this new version
85 + Remove cve-2009-0413.patch which has been applied upstream
87 -- Vincent Bernat <bernat@debian.org> Sat, 14 Mar 2009 17:42:07 +0100
89 roundcube (0.2~stable-2) unstable; urgency=low
91 * Update debconf translations:
92 + French, thanks to Christian Perrier. Closes: #515806.
93 + Swedish, thanks to Martin Bagge. Closes: #516683.
94 * Drop virtual package roundcube-db and add dependencies on real package
95 instead: this way, we can have versioned dependencies on those to avoid
96 version mismatch between packages.
97 * Add a patch to not use a MDB2 feature not present in the Debian
98 package. Thanks to Grzegorz Sobański for the patch. Closes: #519104.
100 -- Vincent Bernat <bernat@debian.org> Wed, 11 Mar 2009 18:49:32 +0100
102 roundcube (0.2~stable-1) unstable; urgency=low
104 * New upstream version. Closes: #503573, #504570.
105 + Add SQL update scripts for this new release and for
106 0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
107 + Remove patch for CVE-2008-5620 which is now fixed upstream.
108 + Remove patch correcting a vulnerability in html2text.php.
109 + Remove patch fixing login issue. This is fixed upstream.
110 + Remove patch setting the default backend to db instead of mdb2:
111 this is not possible any more. We depend on php-mdb2 now.
112 + Update patch to use packaged tinymce.
113 * Upload to unstable since Lenny is out.
114 * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
115 * Remove hack to update a SQLite table for an upgrade from a quite old
116 version of roundcube.
117 * Fix pending l10n issues:
118 + Update English debconf template. Closes: #473794.
119 + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
120 * Fix debian/copyright to make lintian happy.
122 -- Vincent Bernat <bernat@debian.org> Sun, 15 Feb 2009 16:18:58 +0100
124 roundcube (0.2~alpha-4) experimental; urgency=low
126 * Add missing ${misc:Depends} to make Lintian happy.
127 * Add description to each patch.
128 * Execute cron job only if the directory to clean exists.
129 * Reload web server configuration instead of restart, thanks to a patch
130 from Tiago Bortoletto Vaz. Closes: #508633.
131 * Fix a vulnerability in quota image generation. This fixes
132 CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
133 * Add missing dependency on php5-gd, used for quota bar.
134 * For roundcube-pgsql, depends on postgresql-client only. This package
135 is provided by the currently supported real package.
137 -- Vincent Bernat <bernat@debian.org> Thu, 25 Dec 2008 11:38:13 +0100
139 roundcube (0.2~alpha-3) experimental; urgency=high
142 * Fix a vulnerability in the use of preg_replace (Closes: #508628).
143 * Adapt descriptions of roundcube-database packages to refer them as
144 metapackages instead of virtual package (Closes: #495434).
145 * Add robots.txt from upstream, even if in some configuration, it will
146 not be considered (Closes: #499108).
147 * Do not ship .htaccess files. Restrictions are set in Apache or
148 Lighttpd configuration files (Closes: #500202).
151 * Changed versioned dependency of rouncube from binary:Version to
152 source:Version since these are all architecture independent packages.
154 -- Vincent Bernat <bernat@debian.org> Sat, 13 Dec 2008 14:36:02 +0100
156 roundcube (0.2~alpha-2) experimental; urgency=low
159 * Fix lintian warnings introduced by previous upload
160 * Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
161 * Do not prepend path to lighty util in postinst and postrm, as per
162 Policy Manual section 6.1
163 * Ship a bug/control file to have all bugs submitted against roundcube
165 * Fix debian/roundcube-core.cron.daily to use
166 /etc/default/roundcube-core instead of /etc/default/roundcube which
167 should not exist any more
170 * Versioned roundcube-core dependency for roundcube
172 -- Vincent Bernat <bernat@debian.org> Sat, 16 Aug 2008 13:22:08 +0200
174 roundcube (0.2~alpha-1) experimental; urgency=low
176 * New upstream release
177 * Update debian/watch file to correctly consider those new releases
178 * Remove the following patches:
179 + messageid-headers-ordering
181 + disable-tinymce-spellchecker
182 * Update the following patches:
183 + correct_install_path
184 + use_packaged_tinymce
185 * Add a new patch to fix a login problem
186 * Depends on tinymce >= 3
188 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 14:10:44 +0200
190 roundcube (0.1.1-7) unstable; urgency=low
192 * Another fix for incorrect tinymce path. This should be the last one!
194 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:36:59 +0200
196 roundcube (0.1.1-6) unstable; urgency=low
198 * Fix use_packaged_tinymce patch which was incorrect after switch to
201 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:19:16 +0200
203 roundcube (0.1.1-5) unstable; urgency=low
205 * Fix ordering of message-id in message headers, thanks to Reinhard
206 Tartler (Closes: #486493)
207 * Update Standards-Version to 3.8.0
209 -- Vincent Bernat <bernat@debian.org> Tue, 17 Jun 2008 00:33:40 +0200
211 roundcube (0.1.1-4) unstable; urgency=low
213 * Add Slovak debconf translation, thanks to Ivan Masár (Closes: #481376)
214 * Fix debian/copyright:
215 + RoundCube is GPL-2 licensed, not GPL-2+
216 + Add an explanation on the BSD license present at the top of
217 index.php (Closes: #477119)
218 * We do not support tinymce 3, yet. Depends on tinymce2 | tinymce (<<
219 3). Closes: #481145, #483053, #482295
221 -- Vincent Bernat <bernat@debian.org> Tue, 20 May 2008 20:51:52 +0200
223 roundcube (0.1.1-3) unstable; urgency=low
225 * Fix an error introduced when fixing bug #476803. Thanks to Micah
226 Anderson for spotting it (Closes: #479775).
227 * Avoid to pop language question at every upgrade. Thanks to Ivan Vucica
228 for spotting this. The problem lied in the use of db_metaget to get
229 the value of a key set by db_subst in a previous invocation. It seems
230 this is not possible any more (Closes: #480043). The fix implies that
231 we won't ask the question again if more languages are available since
234 -- Vincent Bernat <bernat@debian.org> Thu, 08 May 2008 09:50:24 +0200
236 roundcube (0.1.1-2) unstable; urgency=low
238 * Comment by default Alias directive for tinymce in Apache configuration
239 file (Closes: #476162).
240 * Allow to preseed language value (Closes: #476803).
242 -- Vincent Bernat <bernat@luffy.cx> Sat, 19 Apr 2008 16:50:28 +0200
244 roundcube (0.1.1-1) unstable; urgency=low
246 * New upstream release
247 - Copy old SQL upgrade scripts into debian/sql to allow upgrade from
248 versions older than 0.1
249 - Patch new MySQL upgrade script to fix a typo
250 * Debconf translation updates:
251 - Spanish. Closes: #473788
252 * Depends on php-mail-mime (>= 1.5.0) and drop compatibility patch
253 * Install upstream changelog in /usr/share/doc/roundcube*
255 -- Vincent Bernat <bernat@luffy.cx> Sat, 05 Apr 2008 18:16:33 +0200
257 roundcube (0.1-4) unstable; urgency=low
259 * Debconf translation updates:
260 - French. Closes: #469802
261 - Russian. Closes: #469847
262 - Galician. Closes: #469866
263 - German. Closes: #469875
264 - Finnish. Closes: #469922
265 - Italian. Closes: #469987
266 - Czech. Closes: #470150
267 - Portuguese. Closes: #470156
268 - Spanish. Closes: #470732
269 - Basque. Closes: #470871
270 - Arabic. Closes: #471470
272 -- Vincent Bernat <bernat@luffy.cx> Sat, 08 Mar 2008 11:15:00 +0100
274 roundcube (0.1-3) unstable; urgency=low
276 * Fix problem with too old php-mail-mime package (Closes: #469814)
278 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 11:06:49 +0100
280 roundcube (0.1-2) unstable; urgency=low
282 * Ship bin/ directory as well. This fix conversion from HTML to text in
284 * Disable spellchecker for tinymce since it is not shipped with Debian
287 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 09:42:39 +0100
289 roundcube (0.1-1) unstable; urgency=low
291 * New upstream release (Closes: #469487).
292 - This release seems to fix failure to set some fields when replying,
293 with bincimap as IMAP server (Closes: #443562)
294 - It also fixes the deletion of multiple messages, still with
295 bincimap (Closes: #451404)
296 * Remove 'ob_gzhandler.patch' and 'xss-fix.patch'. They have been
298 * Upstream has switched to MDB2 database backend which is not packaged
299 in Debian yet. We switch back to old backend.
300 * Fix debian/watch to handle correctly detection of new versions.
301 * Add support for lighttpd and remove support for older version of
302 Apache. The debconf question about webserver autoconfiguration is
303 reworded (Closes: #462961).
304 * Do not depend on a specific revision of cdbs.
305 * Move po-debconf from Build-Depends-Indep to Build-Depends since it is
306 needed for clean target.
307 * Correct path to /usr/share/file/magic, provided by libmagic1. Provide
308 license information about this file in debian/copyright.
310 -- Vincent Bernat <bernat@luffy.cx> Wed, 05 Mar 2008 20:49:03 +0100
312 roundcube (0.1~rc2-6) unstable; urgency=high
314 * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
315 thanks to Micah Anderson (Closes: #455840). The patch is from
316 http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
317 provided by Robin Elfrink. It has been modified with some functions
318 stolen from Squirrelmail.
319 * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
321 -- Vincent Bernat <bernat@luffy.cx> Sat, 29 Dec 2007 21:55:17 +0100
323 roundcube (0.1~rc2-5) unstable; urgency=low
325 * Deal with old /etc/logrotate.d/roundcube by removing it if left
326 untouched (Closes: #456546). Also deal with /etc/default/roundcube and
327 /etc/cron.daily/roundcube.
329 -- Vincent Bernat <bernat@luffy.cx> Tue, 18 Dec 2007 23:02:46 +0100
331 roundcube (0.1~rc2-4) unstable; urgency=low
333 * Thightened dependencies for a safe upgrade
334 * Finally removed any circular dependency, -db packages no longer pull
335 a full roundcube install
337 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:24:24 +0100
339 roundcube (0.1~rc2-3) unstable; urgency=low
342 * Bumped standard version to 3.7.3 (no changes)
344 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:19:28 +0100
346 roundcube (0.1~rc2-2) experimental; urgency=low
349 * Fix a conflict between ob_gzhandler and zlib output compression,
350 thanks to kaouete (Closes: #450482).
353 * Fix tinymce patch and inclusion
355 * Splitted virtual packages to avoid circular dependencies.
356 Uploading to experimental, as this is an important change and we may
359 -- Romain Beauxis <toots@rastageeks.org> Mon, 26 Nov 2007 11:54:21 +0100
361 roundcube (0.1~rc2-1) unstable; urgency=low
363 * New upstream, thanks to Nicolas Stransky (Closes: #447503). This
364 release support tinymce as HTML editor. Look at README.Debian for more
366 * Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943).
368 -- Vincent Bernat <bernat@luffy.cx> Mon, 29 Oct 2007 22:08:43 +0100
370 roundcube (0.1~rc1-3) unstable; urgency=low
372 * In respect to policy 12.3, do not put main.inc.php.dist in
373 /usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
374 * Update German and French debconf templates, thanks to Christian
375 Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532).
377 -- Vincent Bernat <bernat@luffy.cx> Sun, 14 Oct 2007 08:41:24 +0200
379 roundcube (0.1~rc1-2) unstable; urgency=low
381 * Fix dependencies by creating virtual packages for each database
382 backend, thanks to Joey Hess (Closes: #444925).
384 -- Vincent Bernat <bernat@luffy.cx> Tue, 02 Oct 2007 20:09:19 +0200
386 roundcube (0.1~rc1-1) unstable; urgency=low
388 * New upstream release
389 * Removed non gpl file des.inc
391 -- Romain Beauxis <toots@rastageeks.org> Tue, 24 Jul 2007 13:36:20 +0200
393 roundcube (0.1~rc1~dfsg-3) unstable; urgency=low
395 * Add php5-mcrypt dependency (Closes: #431177)
397 -- Vincent Bernat <bernat@luffy.cx> Sat, 30 Jun 2007 19:36:21 +0200
399 roundcube (0.1~rc1~dfsg-2) unstable; urgency=low
401 * Removed custom unix_timestamp for sqlite: solved upstream
402 * Debconf templates and debian/control reviewed by the debian-l10n-
403 english team as part of the Smith review project.
404 Closes: #426086, #427546, #427546
405 * Debconf translation updates:
406 - Galician. Closes: #426140
407 - Basque. Closes: #426150
408 - Czech. Closes: #426428
409 - Portuguese. Closes: #426451
410 - Arabic. Closes: #427110
411 - Italian. Closes: #427206
412 - German. Closes: #427536
413 - French. Closes: #427736
414 - Tamil. Closes: #428254
415 - Russian. Closes: #428364
416 - Spanish. Closes: #428573
418 -- Romain Beauxis <toots@rastageeks.org> Tue, 05 Jun 2007 15:22:36 +0200
420 roundcube (0.1~rc1~dfsg-1) unstable; urgency=low
423 * New upstream release
424 * Update script for sqlite in postinst
426 * Fixed dh_link calls
428 * Added custom patch to use php unix timestamp support
429 with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
430 * Dropped php4 dependencies
432 -- Vincent Bernat <bernat@luffy.cx> Sun, 20 May 2007 13:59:44 +0200
434 roundcube (0.1~beta2.2~dfsg-2) unstable; urgency=low
436 * Fix a security issue by disallowing access to logs.
437 * First upload to unstable.
439 -- Vincent Bernat <bernat@luffy.cx> Sat, 5 May 2007 00:23:40 +0200
441 roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low
443 * Initial release. (Closes: #333756, #344949)
445 -- Romain Beauxis <toots@rastageeks.org> Tue, 13 Mar 2007 13:28:05 +0100