1 roundcube (0.5-3) UNRELEASED; urgency=low
3 * Don't assign "skins" directory to www-data. Closes: #612552.
4 * Add instructions on how to install and upgrade when not using
5 dbconfig-common. We do not ship UPGRADING file any more since it is
6 misleading. Closes: #612511.
8 -- Vincent Bernat <bernat@debian.org> Wed, 09 Feb 2011 07:32:42 +0100
10 roundcube (0.5-2) experimental; urgency=low
12 * If 0.3.1 was installed from scratch, upgrade does not work on MySQL
13 and PostgreSQL because we try to create an index which already
14 exists. With SQLite, the error is ignored, no fix needed. When using
15 PostgreSQL, fix this by dropping the index if it already
16 exists. Nothing similar seems to exist with MySQL. Therefore, just
17 don't create the index. We need to handle this later. See bug
20 -- Vincent Bernat <bernat@debian.org> Fri, 21 Jan 2011 21:44:05 +0100
22 roundcube (0.5-1) experimental; urgency=low
24 * New upstream release. Closes: #592312.
25 + Drop patches included upstream (DNS prefetching, jQuery 1.4
26 handling, email address validation, duplicate headers, incorrectly
27 formatted received headers). Adapt other patches. One of the patch
28 now correctly states to use dpkg-reconfigure roundcube-core.
30 + Update SQL commands to use to upgrade database.
31 That also closes: #602922. Unfortunately, the user may get some
32 harmless error messages because there is no way to know if
33 0.3.1 was installed from scratch or upgraded from 0.3.
34 + Update dependencies to match INSTALL file. Only exception is the
35 use of Mail_Mime 1.8.0 in place of 1.8.1 which is not available in
36 Debian. We depends on jQuery 1.4.2 because 1.4.4 is not available in
38 + All folders are correctly checked since 0.4. Closes: #552430.
39 + Also, closes: #553194 since it seems to have been fixed too.
40 + There is also the possibility to not top-quote since 0.4.
42 + Closes: #602144. Also fixed.
43 * Move .htaccess to /etc/roundcube and use a symlink (Closes: #591369).
44 * Don't let www-data overwrite debian-db.php. Closes: #608976.
45 * Bump Standards-Version. No changes required.
47 -- Vincent Bernat <bernat@debian.org> Sat, 15 Jan 2011 12:40:27 +0100
49 roundcube (0.3.1-6) unstable; urgency=low
51 * Update Arabic debconf translation, thanks to Ossama Khayat.
53 * Update Portuguese debconf translation, thanks to Christian Perrier.
55 * Add a patch to avoid duplicate boundaries in headers when adding an
56 attachment. Closes: #599586.
58 -- Vincent Bernat <bernat@debian.org> Mon, 18 Oct 2010 23:14:37 +0200
60 roundcube (0.3.1-5) unstable; urgency=low
62 * Depends on php-mail-mime 1.7.0 or more recent to handle correctly
63 'mime_param_folding' directive. Closes: #588295.
64 * Add Danish debconf translation, thanks to Joe Dalton.
66 * Add a patch to fix Received header to behave better with Spam
67 Assassin. Closes: #595204.
69 -- Vincent Bernat <bernat@debian.org> Thu, 02 Sep 2010 07:54:58 +0200
71 roundcube (0.3.1-4) unstable; urgency=low
73 * Update README.Debian to state that the variable to modify is
74 'htmleditor' instead of 'enable_htmleditor'. Thanks to Hans
75 Spaans. Closes: #575556.
76 * Add Brazilian Portuguese debconf translation, thanks to Eder
77 L. Marques. Closes: #581745.
78 * Switch default encoding to UTF-8 instead of ISO-8859-1.
80 * Add more explanations on how to install roundcube in a Debian system
81 in README.Debian. Closes: #584458, #582894.
82 * Bump Standards-Version. No changes required.
83 * Switch to 3.0 (quilt) format.
84 * Use Breaks instead of Conflicts to move files from older roundcube
87 -- Vincent Bernat <bernat@debian.org> Sat, 17 Jul 2010 17:23:30 +0200
89 roundcube (0.3.1-3) unstable; urgency=high
91 * RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
92 possible. We respect this by dropping limitation of the local-part of
93 an email address. Closes: #568360, #568537.
94 * Suggests php-auth-sasl to enable use of SASL mechanisms for mail
95 servers. Closes: #567550.
96 * Disable DNS prefetching to avoid information leakage through links
97 embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
98 * Bump Standards-Version. No changes required.
100 -- Vincent Bernat <bernat@debian.org> Sat, 13 Feb 2010 10:21:49 +0100
102 roundcube (0.3.1-2) unstable; urgency=low
104 * Fix VCS links in debian/control, thanks to Torsten Landschoff.
106 * Really ship NEWS.Debian.
107 * Add changesets 3170 and 3202 from upstream to handle gracefully jQuery
108 1.4. Thanks to Volker Gropp for the report. Closes: #565715.
110 -- Vincent Bernat <bernat@debian.org> Mon, 18 Jan 2010 23:11:01 +0100
112 roundcube (0.3.1-1) unstable; urgency=low
114 * New upstream release.
115 * Add a notice in NEWS.Debian about php.ini options that should be set
116 to get Roundcube working properly. Closes: #549428, #552508.
118 -- Vincent Bernat <bernat@debian.org> Sat, 07 Nov 2009 17:41:37 +0100
120 roundcube (0.3-2) unstable; urgency=low
122 * Really fix #544579 since the default value is null without
123 quotes. This really Closes: #544579.
124 * Enlarge login box to accommodate sk_SK locale. Closes: #542933.
126 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:26:56 +0200
128 roundcube (0.3-1) unstable; urgency=low
130 * New upstream release. Closes: #545498.
131 * Update debconf translations:
132 + Italian, thanks to Luca Monducci. Closes: #544199.
133 + Czech, thanks to Miroslav Kure. Closes: #546413.
134 * Roundcube configuration now uses 'language' instead of 'locale_string'
135 to specify the default language. Update postinst to reflect this
136 change. Thanks to Richard van den Berg for noticing this. Closes: #544579.
137 * Depends on libjs-jquery (>= 1.3) since this is now used by roundcube.
138 * Don't ship any plugins for now but ship an empty plugins directory.
139 * Ship main .htaccess since it is needed to setup correctly PHP (for
140 example, to disable PHP Suhosin cookie encryption).
141 * Bump Standards-Version. No changes required.
143 -- Vincent Bernat <bernat@debian.org> Sun, 27 Sep 2009 11:00:30 +0200
145 roundcube (0.2.2-1) unstable; urgency=low
147 * New upstream release
148 * Bump Standards-Version. No changes required.
149 * Remove *.js.src which are not needed at runtime.
150 * Don't send email contents to Google by default by using php5-pspell
151 instead. Thanks to Anand Kumria. Closes: #529563.
152 * Update debconf translations:
153 + Basque, thanks to Piarres Beobide. Closes: #534282.
155 -- Vincent Bernat <bernat@debian.org> Sun, 05 Jul 2009 09:53:17 +0200
157 roundcube (0.2.1-2) unstable; urgency=low
159 * Update debconf translations:
160 + German, thanks to Helge Kreutzmann. Closes: #520004.
161 + Japanese, thanks to Hideki Yamane. Closes: #520024.
162 + Spanish, thanks to Francisco Javier. Closes: #526696.
163 + Russian, thanks to Yuri Kozlov. Closes: #528796.
164 * Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
165 bugs. Closes: #519104, #519293. Remove not needed any more patch from
166 debian/patches/series. Keep it in debian/patches to help backports.
168 -- Vincent Bernat <bernat@debian.org> Sat, 16 May 2009 15:30:17 +0200
170 roundcube (0.2.1-1) unstable; urgency=low
172 * New upstream release:
173 + Fix use_packaged_tinymce.patch to apply to this new version
174 + Remove cve-2009-0413.patch which has been applied upstream
176 -- Vincent Bernat <bernat@debian.org> Sat, 14 Mar 2009 17:42:07 +0100
178 roundcube (0.2~stable-2) unstable; urgency=low
180 * Update debconf translations:
181 + French, thanks to Christian Perrier. Closes: #515806.
182 + Swedish, thanks to Martin Bagge. Closes: #516683.
183 * Drop virtual package roundcube-db and add dependencies on real package
184 instead: this way, we can have versioned dependencies on those to avoid
185 version mismatch between packages.
186 * Add a patch to not use a MDB2 feature not present in the Debian
187 package. Thanks to Grzegorz Sobański for the patch. Closes: #519104.
189 -- Vincent Bernat <bernat@debian.org> Wed, 11 Mar 2009 18:49:32 +0100
191 roundcube (0.2~stable-1) unstable; urgency=low
193 * New upstream version. Closes: #503573, #504570.
194 + Add SQL update scripts for this new release and for
195 0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
196 + Remove patch for CVE-2008-5620 which is now fixed upstream.
197 + Remove patch correcting a vulnerability in html2text.php.
198 + Remove patch fixing login issue. This is fixed upstream.
199 + Remove patch setting the default backend to db instead of mdb2:
200 this is not possible any more. We depend on php-mdb2 now.
201 + Update patch to use packaged tinymce.
202 * Upload to unstable since Lenny is out.
203 * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
204 * Remove hack to update a SQLite table for an upgrade from a quite old
205 version of roundcube.
206 * Fix pending l10n issues:
207 + Update English debconf template. Closes: #473794.
208 + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
209 * Fix debian/copyright to make lintian happy.
211 -- Vincent Bernat <bernat@debian.org> Sun, 15 Feb 2009 16:18:58 +0100
213 roundcube (0.2~alpha-4) experimental; urgency=low
215 * Add missing ${misc:Depends} to make Lintian happy.
216 * Add description to each patch.
217 * Execute cron job only if the directory to clean exists.
218 * Reload web server configuration instead of restart, thanks to a patch
219 from Tiago Bortoletto Vaz. Closes: #508633.
220 * Fix a vulnerability in quota image generation. This fixes
221 CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
222 * Add missing dependency on php5-gd, used for quota bar.
223 * For roundcube-pgsql, depends on postgresql-client only. This package
224 is provided by the currently supported real package.
226 -- Vincent Bernat <bernat@debian.org> Thu, 25 Dec 2008 11:38:13 +0100
228 roundcube (0.2~alpha-3) experimental; urgency=high
231 * Fix a vulnerability in the use of preg_replace (Closes: #508628).
232 * Adapt descriptions of roundcube-database packages to refer them as
233 metapackages instead of virtual package (Closes: #495434).
234 * Add robots.txt from upstream, even if in some configuration, it will
235 not be considered (Closes: #499108).
236 * Do not ship .htaccess files. Restrictions are set in Apache or
237 Lighttpd configuration files (Closes: #500202).
240 * Changed versioned dependency of rouncube from binary:Version to
241 source:Version since these are all architecture independent packages.
243 -- Vincent Bernat <bernat@debian.org> Sat, 13 Dec 2008 14:36:02 +0100
245 roundcube (0.2~alpha-2) experimental; urgency=low
248 * Fix lintian warnings introduced by previous upload
249 * Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
250 * Do not prepend path to lighty util in postinst and postrm, as per
251 Policy Manual section 6.1
252 * Ship a bug/control file to have all bugs submitted against roundcube
254 * Fix debian/roundcube-core.cron.daily to use
255 /etc/default/roundcube-core instead of /etc/default/roundcube which
256 should not exist any more
259 * Versioned roundcube-core dependency for roundcube
261 -- Vincent Bernat <bernat@debian.org> Sat, 16 Aug 2008 13:22:08 +0200
263 roundcube (0.2~alpha-1) experimental; urgency=low
265 * New upstream release
266 * Update debian/watch file to correctly consider those new releases
267 * Remove the following patches:
268 + messageid-headers-ordering
270 + disable-tinymce-spellchecker
271 * Update the following patches:
272 + correct_install_path
273 + use_packaged_tinymce
274 * Add a new patch to fix a login problem
275 * Depends on tinymce >= 3
277 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 14:10:44 +0200
279 roundcube (0.1.1-7) unstable; urgency=low
281 * Another fix for incorrect tinymce path. This should be the last one!
283 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:36:59 +0200
285 roundcube (0.1.1-6) unstable; urgency=low
287 * Fix use_packaged_tinymce patch which was incorrect after switch to
290 -- Vincent Bernat <bernat@debian.org> Sun, 22 Jun 2008 12:19:16 +0200
292 roundcube (0.1.1-5) unstable; urgency=low
294 * Fix ordering of message-id in message headers, thanks to Reinhard
295 Tartler (Closes: #486493)
296 * Update Standards-Version to 3.8.0
298 -- Vincent Bernat <bernat@debian.org> Tue, 17 Jun 2008 00:33:40 +0200
300 roundcube (0.1.1-4) unstable; urgency=low
302 * Add Slovak debconf translation, thanks to Ivan Masár (Closes: #481376)
303 * Fix debian/copyright:
304 + RoundCube is GPL-2 licensed, not GPL-2+
305 + Add an explanation on the BSD license present at the top of
306 index.php (Closes: #477119)
307 * We do not support tinymce 3, yet. Depends on tinymce2 | tinymce (<<
308 3). Closes: #481145, #483053, #482295
310 -- Vincent Bernat <bernat@debian.org> Tue, 20 May 2008 20:51:52 +0200
312 roundcube (0.1.1-3) unstable; urgency=low
314 * Fix an error introduced when fixing bug #476803. Thanks to Micah
315 Anderson for spotting it (Closes: #479775).
316 * Avoid to pop language question at every upgrade. Thanks to Ivan Vucica
317 for spotting this. The problem lied in the use of db_metaget to get
318 the value of a key set by db_subst in a previous invocation. It seems
319 this is not possible any more (Closes: #480043). The fix implies that
320 we won't ask the question again if more languages are available since
323 -- Vincent Bernat <bernat@debian.org> Thu, 08 May 2008 09:50:24 +0200
325 roundcube (0.1.1-2) unstable; urgency=low
327 * Comment by default Alias directive for tinymce in Apache configuration
328 file (Closes: #476162).
329 * Allow to preseed language value (Closes: #476803).
331 -- Vincent Bernat <bernat@luffy.cx> Sat, 19 Apr 2008 16:50:28 +0200
333 roundcube (0.1.1-1) unstable; urgency=low
335 * New upstream release
336 - Copy old SQL upgrade scripts into debian/sql to allow upgrade from
337 versions older than 0.1
338 - Patch new MySQL upgrade script to fix a typo
339 * Debconf translation updates:
340 - Spanish. Closes: #473788
341 * Depends on php-mail-mime (>= 1.5.0) and drop compatibility patch
342 * Install upstream changelog in /usr/share/doc/roundcube*
344 -- Vincent Bernat <bernat@luffy.cx> Sat, 05 Apr 2008 18:16:33 +0200
346 roundcube (0.1-4) unstable; urgency=low
348 * Debconf translation updates:
349 - French. Closes: #469802
350 - Russian. Closes: #469847
351 - Galician. Closes: #469866
352 - German. Closes: #469875
353 - Finnish. Closes: #469922
354 - Italian. Closes: #469987
355 - Czech. Closes: #470150
356 - Portuguese. Closes: #470156
357 - Spanish. Closes: #470732
358 - Basque. Closes: #470871
359 - Arabic. Closes: #471470
361 -- Vincent Bernat <bernat@luffy.cx> Sat, 08 Mar 2008 11:15:00 +0100
363 roundcube (0.1-3) unstable; urgency=low
365 * Fix problem with too old php-mail-mime package (Closes: #469814)
367 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 11:06:49 +0100
369 roundcube (0.1-2) unstable; urgency=low
371 * Ship bin/ directory as well. This fix conversion from HTML to text in
373 * Disable spellchecker for tinymce since it is not shipped with Debian
376 -- Vincent Bernat <bernat@luffy.cx> Fri, 07 Mar 2008 09:42:39 +0100
378 roundcube (0.1-1) unstable; urgency=low
380 * New upstream release (Closes: #469487).
381 - This release seems to fix failure to set some fields when replying,
382 with bincimap as IMAP server (Closes: #443562)
383 - It also fixes the deletion of multiple messages, still with
384 bincimap (Closes: #451404)
385 * Remove 'ob_gzhandler.patch' and 'xss-fix.patch'. They have been
387 * Upstream has switched to MDB2 database backend which is not packaged
388 in Debian yet. We switch back to old backend.
389 * Fix debian/watch to handle correctly detection of new versions.
390 * Add support for lighttpd and remove support for older version of
391 Apache. The debconf question about webserver autoconfiguration is
392 reworded (Closes: #462961).
393 * Do not depend on a specific revision of cdbs.
394 * Move po-debconf from Build-Depends-Indep to Build-Depends since it is
395 needed for clean target.
396 * Correct path to /usr/share/file/magic, provided by libmagic1. Provide
397 license information about this file in debian/copyright.
399 -- Vincent Bernat <bernat@luffy.cx> Wed, 05 Mar 2008 20:49:03 +0100
401 roundcube (0.1~rc2-6) unstable; urgency=high
403 * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
404 thanks to Micah Anderson (Closes: #455840). The patch is from
405 http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
406 provided by Robin Elfrink. It has been modified with some functions
407 stolen from Squirrelmail.
408 * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
410 -- Vincent Bernat <bernat@luffy.cx> Sat, 29 Dec 2007 21:55:17 +0100
412 roundcube (0.1~rc2-5) unstable; urgency=low
414 * Deal with old /etc/logrotate.d/roundcube by removing it if left
415 untouched (Closes: #456546). Also deal with /etc/default/roundcube and
416 /etc/cron.daily/roundcube.
418 -- Vincent Bernat <bernat@luffy.cx> Tue, 18 Dec 2007 23:02:46 +0100
420 roundcube (0.1~rc2-4) unstable; urgency=low
422 * Thightened dependencies for a safe upgrade
423 * Finally removed any circular dependency, -db packages no longer pull
424 a full roundcube install
426 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:24:24 +0100
428 roundcube (0.1~rc2-3) unstable; urgency=low
431 * Bumped standard version to 3.7.3 (no changes)
433 -- Romain Beauxis <toots@rastageeks.org> Sun, 09 Dec 2007 14:19:28 +0100
435 roundcube (0.1~rc2-2) experimental; urgency=low
438 * Fix a conflict between ob_gzhandler and zlib output compression,
439 thanks to kaouete (Closes: #450482).
442 * Fix tinymce patch and inclusion
444 * Splitted virtual packages to avoid circular dependencies.
445 Uploading to experimental, as this is an important change and we may
448 -- Romain Beauxis <toots@rastageeks.org> Mon, 26 Nov 2007 11:54:21 +0100
450 roundcube (0.1~rc2-1) unstable; urgency=low
452 * New upstream, thanks to Nicolas Stransky (Closes: #447503). This
453 release support tinymce as HTML editor. Look at README.Debian for more
455 * Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943).
457 -- Vincent Bernat <bernat@luffy.cx> Mon, 29 Oct 2007 22:08:43 +0100
459 roundcube (0.1~rc1-3) unstable; urgency=low
461 * In respect to policy 12.3, do not put main.inc.php.dist in
462 /usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
463 * Update German and French debconf templates, thanks to Christian
464 Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532).
466 -- Vincent Bernat <bernat@luffy.cx> Sun, 14 Oct 2007 08:41:24 +0200
468 roundcube (0.1~rc1-2) unstable; urgency=low
470 * Fix dependencies by creating virtual packages for each database
471 backend, thanks to Joey Hess (Closes: #444925).
473 -- Vincent Bernat <bernat@luffy.cx> Tue, 02 Oct 2007 20:09:19 +0200
475 roundcube (0.1~rc1-1) unstable; urgency=low
477 * New upstream release
478 * Removed non gpl file des.inc
480 -- Romain Beauxis <toots@rastageeks.org> Tue, 24 Jul 2007 13:36:20 +0200
482 roundcube (0.1~rc1~dfsg-3) unstable; urgency=low
484 * Add php5-mcrypt dependency (Closes: #431177)
486 -- Vincent Bernat <bernat@luffy.cx> Sat, 30 Jun 2007 19:36:21 +0200
488 roundcube (0.1~rc1~dfsg-2) unstable; urgency=low
490 * Removed custom unix_timestamp for sqlite: solved upstream
491 * Debconf templates and debian/control reviewed by the debian-l10n-
492 english team as part of the Smith review project.
493 Closes: #426086, #427546, #427546
494 * Debconf translation updates:
495 - Galician. Closes: #426140
496 - Basque. Closes: #426150
497 - Czech. Closes: #426428
498 - Portuguese. Closes: #426451
499 - Arabic. Closes: #427110
500 - Italian. Closes: #427206
501 - German. Closes: #427536
502 - French. Closes: #427736
503 - Tamil. Closes: #428254
504 - Russian. Closes: #428364
505 - Spanish. Closes: #428573
507 -- Romain Beauxis <toots@rastageeks.org> Tue, 05 Jun 2007 15:22:36 +0200
509 roundcube (0.1~rc1~dfsg-1) unstable; urgency=low
512 * New upstream release
513 * Update script for sqlite in postinst
515 * Fixed dh_link calls
517 * Added custom patch to use php unix timestamp support
518 with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
519 * Dropped php4 dependencies
521 -- Vincent Bernat <bernat@luffy.cx> Sun, 20 May 2007 13:59:44 +0200
523 roundcube (0.1~beta2.2~dfsg-2) unstable; urgency=low
525 * Fix a security issue by disallowing access to logs.
526 * First upload to unstable.
528 -- Vincent Bernat <bernat@luffy.cx> Sat, 5 May 2007 00:23:40 +0200
530 roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low
532 * Initial release. (Closes: #333756, #344949)
534 -- Romain Beauxis <toots@rastageeks.org> Tue, 13 Mar 2007 13:28:05 +0100