Add instructions on how to install and upgrade when not using

[roundcube.git] / debian / changelog

roundcube (0.5-3) UNRELEASED; urgency=low

  * Don't assign "skins" directory to www-data. Closes: #612552.
  * Add instructions on how to install and upgrade when not using
    dbconfig-common. We do not ship UPGRADING file any more since it is
    misleading. Closes: #612511.

 -- Vincent Bernat <bernat@debian.org>  Wed, 09 Feb 2011 07:32:42 +0100

roundcube (0.5-2) experimental; urgency=low

  * If 0.3.1 was installed from scratch, upgrade does not work on MySQL
    and PostgreSQL because we try to create an index which already
    exists. With SQLite, the error is ignored, no fix needed. When using
    PostgreSQL, fix this by dropping the index if it already
    exists. Nothing similar seems to exist with MySQL. Therefore, just
    don't create the index. We need to handle this later. See bug
    #610725. Not closing.

 -- Vincent Bernat <bernat@debian.org>  Fri, 21 Jan 2011 21:44:05 +0100

roundcube (0.5-1) experimental; urgency=low

  * New upstream release. Closes: #592312.
     + Drop patches included upstream (DNS prefetching, jQuery 1.4
       handling, email address validation, duplicate headers, incorrectly
       formatted received headers). Adapt other patches. One of the patch
       now correctly states to use dpkg-reconfigure roundcube-core.
       Closes: #608977.
     + Update SQL commands to use to upgrade database.
       That also closes: #602922. Unfortunately, the user may get some
       harmless error messages because there is no way to know if
       0.3.1 was installed from scratch or upgraded from 0.3.
     + Update dependencies to match INSTALL file. Only exception is the
       use of Mail_Mime 1.8.0 in place of 1.8.1 which is not available in
       Debian. We depends on jQuery 1.4.2 because 1.4.4 is not available in
       Debian.
     + All folders are correctly checked since 0.4. Closes: #552430.
     + Also, closes: #553194 since it seems to have been fixed too.
     + There is also the possibility to not top-quote since 0.4.
       Closes: #491063.
     + Closes: #602144. Also fixed.
  * Move .htaccess to /etc/roundcube and use a symlink (Closes: #591369).
  * Don't let www-data overwrite debian-db.php. Closes: #608976.
  * Bump Standards-Version. No changes required.

 -- Vincent Bernat <bernat@debian.org>  Sat, 15 Jan 2011 12:40:27 +0100

roundcube (0.3.1-6) unstable; urgency=low

  * Update Arabic debconf translation, thanks to Ossama Khayat.
    Closes: #596181.
  * Update Portuguese debconf translation, thanks to Christian Perrier.
    Closes: #599575.
  * Add a patch to avoid duplicate boundaries in headers when adding an
    attachment. Closes: #599586.

 -- Vincent Bernat <bernat@debian.org>  Mon, 18 Oct 2010 23:14:37 +0200

roundcube (0.3.1-5) unstable; urgency=low

  * Depends on php-mail-mime 1.7.0 or more recent to handle correctly
    'mime_param_folding' directive. Closes: #588295.
  * Add Danish debconf translation, thanks to Joe Dalton.
    Closes: #593271.
  * Add a patch to fix Received header to behave better with Spam
    Assassin. Closes: #595204.

 -- Vincent Bernat <bernat@debian.org>  Thu, 02 Sep 2010 07:54:58 +0200

roundcube (0.3.1-4) unstable; urgency=low

  * Update README.Debian to state that the variable to modify is
    'htmleditor' instead of 'enable_htmleditor'. Thanks to Hans
    Spaans. Closes: #575556.
  * Add Brazilian Portuguese debconf translation, thanks to Eder
    L. Marques. Closes: #581745.
  * Switch default encoding to UTF-8 instead of ISO-8859-1.
    Closes: #588084.
  * Add more explanations on how to install roundcube in a Debian system
    in README.Debian. Closes: #584458, #582894.
  * Bump Standards-Version. No changes required.
  * Switch to 3.0 (quilt) format.
  * Use Breaks instead of Conflicts to move files from older roundcube
    installations.

 -- Vincent Bernat <bernat@debian.org>  Sat, 17 Jul 2010 17:23:30 +0200

roundcube (0.3.1-3) unstable; urgency=high

  * RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
    possible. We respect this by dropping limitation of the local-part of
    an email address. Closes: #568360, #568537.
  * Suggests php-auth-sasl to enable use of SASL mechanisms for mail
    servers. Closes: #567550.
  * Disable DNS prefetching to avoid information leakage through links
    embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
  * Bump Standards-Version. No changes required.

 -- Vincent Bernat <bernat@debian.org>  Sat, 13 Feb 2010 10:21:49 +0100

roundcube (0.3.1-2) unstable; urgency=low

  * Fix VCS links in debian/control, thanks to Torsten Landschoff.
    Closes: #555900.
  * Really ship NEWS.Debian.
  * Add changesets 3170 and 3202 from upstream to handle gracefully jQuery
    1.4. Thanks to Volker Gropp for the report. Closes: #565715.

 -- Vincent Bernat <bernat@debian.org>  Mon, 18 Jan 2010 23:11:01 +0100

roundcube (0.3.1-1) unstable; urgency=low

  * New upstream release.
  * Add a notice in NEWS.Debian about php.ini options that should be set
    to get Roundcube working properly. Closes: #549428, #552508.

 -- Vincent Bernat <bernat@debian.org>  Sat, 07 Nov 2009 17:41:37 +0100

roundcube (0.3-2) unstable; urgency=low

  * Really fix #544579 since the default value is null without
    quotes. This really Closes: #544579.
  * Enlarge login box to accommodate sk_SK locale. Closes: #542933.

 -- Vincent Bernat <bernat@debian.org>  Sun, 27 Sep 2009 11:26:56 +0200

roundcube (0.3-1) unstable; urgency=low

  * New upstream release. Closes: #545498.
  * Update debconf translations:
      + Italian, thanks to Luca Monducci. Closes: #544199.
      + Czech, thanks to Miroslav Kure. Closes: #546413.
  * Roundcube configuration now uses 'language' instead of 'locale_string'
    to specify the default language. Update postinst to reflect this
    change. Thanks to Richard van den Berg for noticing this. Closes: #544579.
  * Depends on libjs-jquery (>= 1.3) since this is now used by roundcube.
  * Don't ship any plugins for now but ship an empty plugins directory.
  * Ship main .htaccess since it is needed to setup correctly PHP (for
    example, to disable PHP Suhosin cookie encryption).
  * Bump Standards-Version. No changes required.

 -- Vincent Bernat <bernat@debian.org>  Sun, 27 Sep 2009 11:00:30 +0200

roundcube (0.2.2-1) unstable; urgency=low

  * New upstream release
  * Bump Standards-Version. No changes required.
  * Remove *.js.src which are not needed at runtime.
  * Don't send email contents to Google by default by using php5-pspell
    instead. Thanks to Anand Kumria. Closes: #529563.
  * Update debconf translations:
      + Basque, thanks to Piarres Beobide. Closes: #534282.

 -- Vincent Bernat <bernat@debian.org>  Sun, 05 Jul 2009 09:53:17 +0200

roundcube (0.2.1-2) unstable; urgency=low

  * Update debconf translations:
      + German, thanks to Helge Kreutzmann. Closes: #520004.
      + Japanese, thanks to Hideki Yamane. Closes: #520024.
      + Spanish, thanks to Francisco Javier. Closes: #526696.
      + Russian, thanks to Yuri Kozlov. Closes: #528796.
  * Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
    bugs. Closes: #519104, #519293. Remove not needed any more patch from
    debian/patches/series. Keep it in debian/patches to help backports.

 -- Vincent Bernat <bernat@debian.org>  Sat, 16 May 2009 15:30:17 +0200

roundcube (0.2.1-1) unstable; urgency=low

  * New upstream release:
      + Fix use_packaged_tinymce.patch to apply to this new version
      + Remove cve-2009-0413.patch which has been applied upstream

 -- Vincent Bernat <bernat@debian.org>  Sat, 14 Mar 2009 17:42:07 +0100

roundcube (0.2~stable-2) unstable; urgency=low

  * Update debconf translations:
      + French, thanks to Christian Perrier. Closes: #515806.
      + Swedish, thanks to Martin Bagge. Closes: #516683.
  * Drop virtual package roundcube-db and add dependencies on real package
    instead: this way, we can have versioned dependencies on those to avoid
    version mismatch between packages.
  * Add a patch to not use a MDB2 feature not present in the Debian
    package. Thanks to Grzegorz Sobański for the patch. Closes: #519104.

 -- Vincent Bernat <bernat@debian.org>  Wed, 11 Mar 2009 18:49:32 +0100

roundcube (0.2~stable-1) unstable; urgency=low

  * New upstream version. Closes: #503573, #504570.
      + Add SQL update scripts for this new release and for
        0.2~alpha. Remove copy of SQL upgrade script from debian/rules.
      + Remove patch for CVE-2008-5620 which is now fixed upstream.
      + Remove patch correcting a vulnerability in html2text.php.
      + Remove patch fixing login issue. This is fixed upstream.
      + Remove patch setting the default backend to db instead of mdb2:
        this is not possible any more. We depend on php-mdb2 now.
      + Update patch to use packaged tinymce.
  * Upload to unstable since Lenny is out.
  * Apply fix for XSS issue (CVE-2009-0413). Closes: #514179.
  * Remove hack to update a SQLite table for an upgrade from a quite old
    version of roundcube.
  * Fix pending l10n issues:
      + Update English debconf template. Closes: #473794.
      + Add Swedish translation thanks to Martin Bagge. Closes: #508752.
  * Fix debian/copyright to make lintian happy.

 -- Vincent Bernat <bernat@debian.org>  Sun, 15 Feb 2009 16:18:58 +0100

roundcube (0.2~alpha-4) experimental; urgency=low

  * Add missing ${misc:Depends} to make Lintian happy.
  * Add description to each patch.
  * Execute cron job only if the directory to clean exists.
  * Reload web server configuration instead of restart, thanks to a patch
    from Tiago Bortoletto Vaz. Closes: #508633.
  * Fix a vulnerability in quota image generation. This fixes
    CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
  * Add missing dependency on php5-gd, used for quota bar.
  * For roundcube-pgsql, depends on postgresql-client only. This package
    is provided by the currently supported real package.

 -- Vincent Bernat <bernat@debian.org>  Thu, 25 Dec 2008 11:38:13 +0100

roundcube (0.2~alpha-3) experimental; urgency=high

  [ Vincent Bernat ]
  * Fix a vulnerability in the use of preg_replace (Closes: #508628).
  * Adapt descriptions of roundcube-database packages to refer them as
    metapackages instead of virtual package (Closes: #495434).
  * Add robots.txt from upstream, even if in some configuration, it will
    not be considered (Closes: #499108).
  * Do not ship .htaccess files. Restrictions are set in Apache or
    Lighttpd configuration files (Closes: #500202).

  [ Romain Beauxis ]
  * Changed versioned dependency of rouncube from binary:Version to
    source:Version since these are all architecture independent packages.  

 -- Vincent Bernat <bernat@debian.org>  Sat, 13 Dec 2008 14:36:02 +0100

roundcube (0.2~alpha-2) experimental; urgency=low

  [ Vincent Bernat ]
  * Fix lintian warnings introduced by previous upload
  * Fix lighttpd.conf to make it work with latest versions (Closes: #494044)
  * Do not prepend path to lighty util in postinst and postrm, as per
    Policy Manual section 6.1
  * Ship a bug/control file to have all bugs submitted against roundcube
    metapackage
  * Fix debian/roundcube-core.cron.daily to use
    /etc/default/roundcube-core instead of /etc/default/roundcube which
    should not exist any more

  [ Romain Beauxis ]
  * Versioned roundcube-core dependency for roundcube 

 -- Vincent Bernat <bernat@debian.org>  Sat, 16 Aug 2008 13:22:08 +0200

roundcube (0.2~alpha-1) experimental; urgency=low

  * New upstream release
  * Update debian/watch file to correctly consider those new releases
  * Remove the following patches:
      + messageid-headers-ordering
      + mysql-update-fix
      + disable-tinymce-spellchecker
  * Update the following patches:
      + correct_install_path
      + use_packaged_tinymce
  * Add a new patch to fix a login problem
  * Depends on tinymce >= 3

 -- Vincent Bernat <bernat@debian.org>  Sun, 22 Jun 2008 14:10:44 +0200

roundcube (0.1.1-7) unstable; urgency=low

  * Another fix for incorrect tinymce path. This should be the last one!

 -- Vincent Bernat <bernat@debian.org>  Sun, 22 Jun 2008 12:36:59 +0200

roundcube (0.1.1-6) unstable; urgency=low

  * Fix use_packaged_tinymce patch which was incorrect after switch to
    tinymce2 package.

 -- Vincent Bernat <bernat@debian.org>  Sun, 22 Jun 2008 12:19:16 +0200

roundcube (0.1.1-5) unstable; urgency=low

  * Fix ordering of message-id in message headers, thanks to Reinhard
    Tartler (Closes: #486493)
  * Update Standards-Version to 3.8.0

 -- Vincent Bernat <bernat@debian.org>  Tue, 17 Jun 2008 00:33:40 +0200

roundcube (0.1.1-4) unstable; urgency=low

  * Add Slovak debconf translation, thanks to Ivan Masár (Closes: #481376)
  * Fix debian/copyright:
     + RoundCube is GPL-2 licensed, not GPL-2+
     + Add an explanation on the BSD license present at the top of
       index.php (Closes: #477119)
  * We do not support tinymce 3, yet. Depends on tinymce2 | tinymce (<<
    3). Closes: #481145, #483053, #482295

 -- Vincent Bernat <bernat@debian.org>  Tue, 20 May 2008 20:51:52 +0200

roundcube (0.1.1-3) unstable; urgency=low

  * Fix an error introduced when fixing bug #476803. Thanks to Micah
    Anderson for spotting it (Closes: #479775).
  * Avoid to pop language question at every upgrade. Thanks to Ivan Vucica
    for spotting this. The problem lied in the use of db_metaget to get
    the value of a key set by db_subst in a previous invocation. It seems
    this is not possible any more (Closes: #480043). The fix implies that
    we won't ask the question again if more languages are available since
    last upgrade.

 -- Vincent Bernat <bernat@debian.org>  Thu, 08 May 2008 09:50:24 +0200

roundcube (0.1.1-2) unstable; urgency=low

  * Comment by default Alias directive for tinymce in Apache configuration
    file (Closes: #476162).
  * Allow to preseed language value (Closes: #476803).

 -- Vincent Bernat <bernat@luffy.cx>  Sat, 19 Apr 2008 16:50:28 +0200

roundcube (0.1.1-1) unstable; urgency=low

  * New upstream release
    - Copy old SQL upgrade scripts into debian/sql to allow upgrade from
      versions older than 0.1
    - Patch new MySQL upgrade script to fix a typo
  * Debconf translation updates:
    - Spanish. Closes: #473788
  * Depends on php-mail-mime (>= 1.5.0) and drop compatibility patch
  * Install upstream changelog in /usr/share/doc/roundcube*

 -- Vincent Bernat <bernat@luffy.cx>  Sat, 05 Apr 2008 18:16:33 +0200

roundcube (0.1-4) unstable; urgency=low

  * Debconf translation updates:
    - French. Closes: #469802
    - Russian. Closes: #469847
    - Galician. Closes: #469866
    - German. Closes: #469875
    - Finnish. Closes: #469922
    - Italian. Closes: #469987
    - Czech. Closes: #470150
    - Portuguese. Closes: #470156
    - Spanish. Closes: #470732
    - Basque. Closes: #470871
    - Arabic. Closes: #471470

 -- Vincent Bernat <bernat@luffy.cx>  Sat, 08 Mar 2008 11:15:00 +0100

roundcube (0.1-3) unstable; urgency=low

  * Fix problem with too old php-mail-mime package (Closes: #469814)

 -- Vincent Bernat <bernat@luffy.cx>  Fri, 07 Mar 2008 11:06:49 +0100

roundcube (0.1-2) unstable; urgency=low

  * Ship bin/ directory as well. This fix conversion from HTML to text in
    composition.
  * Disable spellchecker for tinymce since it is not shipped with Debian
    package of tinymce.

 -- Vincent Bernat <bernat@luffy.cx>  Fri, 07 Mar 2008 09:42:39 +0100

roundcube (0.1-1) unstable; urgency=low

  * New upstream release (Closes: #469487).
     - This release seems to fix failure to set some fields when replying,
       with bincimap as IMAP server (Closes: #443562)
     - It also fixes the deletion of multiple messages, still with
       bincimap (Closes: #451404)
  * Remove 'ob_gzhandler.patch' and 'xss-fix.patch'. They have been
    merged upstream.
  * Upstream has switched to MDB2 database backend which is not packaged
    in Debian yet. We switch back to old backend.
  * Fix debian/watch to handle correctly detection of new versions.
  * Add support for lighttpd and remove support for older version of
    Apache. The debconf question about webserver autoconfiguration is
    reworded (Closes: #462961).
  * Do not depend on a specific revision of cdbs.
  * Move po-debconf from Build-Depends-Indep to Build-Depends since it is
    needed for clean target.
  * Correct path to /usr/share/file/magic, provided by libmagic1. Provide
    license information about this file in debian/copyright.

 -- Vincent Bernat <bernat@luffy.cx>  Wed, 05 Mar 2008 20:49:03 +0100

roundcube (0.1~rc2-6) unstable; urgency=high

  * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
    thanks to Micah Anderson (Closes: #455840). The patch is from
    http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
    provided by Robin Elfrink. It has been modified with some functions
    stolen from Squirrelmail.
  * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).

 -- Vincent Bernat <bernat@luffy.cx>  Sat, 29 Dec 2007 21:55:17 +0100

roundcube (0.1~rc2-5) unstable; urgency=low

  * Deal with old /etc/logrotate.d/roundcube by removing it if left
    untouched (Closes: #456546). Also deal with /etc/default/roundcube and
    /etc/cron.daily/roundcube.

 -- Vincent Bernat <bernat@luffy.cx>  Tue, 18 Dec 2007 23:02:46 +0100

roundcube (0.1~rc2-4) unstable; urgency=low

  * Thightened dependencies for a safe upgrade
  * Finally removed any circular dependency, -db packages no longer pull
    a full roundcube install

 -- Romain Beauxis <toots@rastageeks.org>  Sun, 09 Dec 2007 14:24:24 +0100

roundcube (0.1~rc2-3) unstable; urgency=low

  * Upload to unstable
  * Bumped standard version to 3.7.3 (no changes) 

 -- Romain Beauxis <toots@rastageeks.org>  Sun, 09 Dec 2007 14:19:28 +0100

roundcube (0.1~rc2-2) experimental; urgency=low

  [ Vincent Bernat ]
  * Fix a conflict between ob_gzhandler and zlib output compression,
    thanks to kaouete (Closes: #450482).

  [ Romain Beauxis ]
  * Fix tinymce patch and inclusion
    Closes: #452016
  * Splitted virtual packages to avoid circular dependencies.
    Uploading to experimental, as this is an important change and we may
    expect issues..

 -- Romain Beauxis <toots@rastageeks.org>  Mon, 26 Nov 2007 11:54:21 +0100

roundcube (0.1~rc2-1) unstable; urgency=low

  * New upstream, thanks to Nicolas Stransky (Closes: #447503). This
    release support tinymce as HTML editor. Look at README.Debian for more
    information.
  * Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943).

 -- Vincent Bernat <bernat@luffy.cx>  Mon, 29 Oct 2007 22:08:43 +0100

roundcube (0.1~rc1-3) unstable; urgency=low

  * In respect to policy 12.3, do not put main.inc.php.dist in
    /usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
  * Update German and French debconf templates, thanks to Christian
    Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532).

 -- Vincent Bernat <bernat@luffy.cx>  Sun, 14 Oct 2007 08:41:24 +0200

roundcube (0.1~rc1-2) unstable; urgency=low

  * Fix dependencies by creating virtual packages for each database
    backend, thanks to Joey Hess (Closes: #444925).

 -- Vincent Bernat <bernat@luffy.cx>  Tue, 02 Oct 2007 20:09:19 +0200

roundcube (0.1~rc1-1) unstable; urgency=low

  * New upstream release
  * Removed non gpl file des.inc

 -- Romain Beauxis <toots@rastageeks.org>  Tue, 24 Jul 2007 13:36:20 +0200

roundcube (0.1~rc1~dfsg-3) unstable; urgency=low

  * Add php5-mcrypt dependency (Closes: #431177)

 -- Vincent Bernat <bernat@luffy.cx>  Sat, 30 Jun 2007 19:36:21 +0200

roundcube (0.1~rc1~dfsg-2) unstable; urgency=low

  * Removed custom unix_timestamp for sqlite: solved upstream
  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project.
    Closes: #426086, #427546, #427546
  * Debconf translation updates:
    - Galician. Closes: #426140
    - Basque. Closes: #426150
    - Czech. Closes: #426428
    - Portuguese. Closes: #426451
    - Arabic. Closes: #427110
    - Italian. Closes: #427206
    - German. Closes: #427536
    - French. Closes: #427736
    - Tamil. Closes: #428254
    - Russian. Closes: #428364
    - Spanish. Closes: #428573

 -- Romain Beauxis <toots@rastageeks.org>  Tue, 05 Jun 2007 15:22:36 +0200

roundcube (0.1~rc1~dfsg-1) unstable; urgency=low

  [ Vincent Bernat ]
  * New upstream release
  * Update script for sqlite in postinst
  [ Romain Beauxis ]
  * Fixed dh_link calls
    Closes: #423824
  * Added custom patch to use php unix timestamp support
    with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
  * Dropped php4 dependencies

 -- Vincent Bernat <bernat@luffy.cx>  Sun, 20 May 2007 13:59:44 +0200

roundcube (0.1~beta2.2~dfsg-2) unstable; urgency=low

  * Fix a security issue by disallowing access to logs.
  * First upload to unstable.

 -- Vincent Bernat <bernat@luffy.cx>  Sat,  5 May 2007 00:23:40 +0200

roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low

  * Initial release. (Closes: #333756, #344949)

 -- Romain Beauxis <toots@rastageeks.org>  Tue, 13 Mar 2007 13:28:05 +0100