Author: hefee
Revision Date: 2015-05-05 00:11:01 UTC

[ Sandro Knauß ]
* Release to unstable (freeze is over)
* Updated lintian-overrides
  + Config is created by postinst, so it is missing for lintian
* Move from cdbs -> debhelper
  + Install & rename htaccess in /usr/share
  + Added link to external jquery.min.js
  + Make tinymce link to exp repo the right way around
  + Correct links from /var/lib -> /etc
  + Only minify js for own javascript and not linked ones
  + Create config.inc.php also for plugins in roundcube-core
  + Create /usr/share/bug/$(package)/control for every package
* Link all docs dirs to roundcube-core instead of coping doc files
  + Move examples from roundcube-plugins -> roundcube-core
* d/watch file: be able to match rc, alpha, beta tarballs

[ Vincent Bernat ]
* d/watch: don't match "-complete" tarball

Author: hefee
Revision Date: 2015-05-05 00:11:01 UTC

[ Sandro Knauß ]
* Release to unstable (freeze is over)
* Updated lintian-overrides
  + Config is created by postinst, so it is missing for lintian
* Move from cdbs -> debhelper
  + Install & rename htaccess in /usr/share
  + Added link to external jquery.min.js
  + Make tinymce link to exp repo the right way around
  + Correct links from /var/lib -> /etc
  + Only minify js for own javascript and not linked ones
  + Create config.inc.php also for plugins in roundcube-core
  + Create /usr/share/bug/$(package)/control for every package
* Link all docs dirs to roundcube-core instead of coping doc files
  + Move examples from roundcube-plugins -> roundcube-core
* d/watch file: be able to match rc, alpha, beta tarballs

[ Vincent Bernat ]
* d/watch: don't match "-complete" tarball

Author: Vincent Bernat
Revision Date: 2015-01-31 16:32:11 UTC

* NMU.
* Add a patch to fix XSS vulnerability. CVE-2015-1433.
  Closes: #776700.

Author: Vincent Bernat
Revision Date: 2015-01-31 16:32:11 UTC

* NMU.
* Add a patch to fix XSS vulnerability. CVE-2015-1433.
  Closes: #776700.

Author: Vincent Bernat
Revision Date: 2014-01-20 20:01:25 UTC

* Depends directly on postgresql-client instead of a particular (and
  sometimes outdated) version. Closes: #732369.
* Add mariadb-client/mariadb-server as possible alternatives for
  mysql-client/mysql-server. Closes: #732909.
* Bump Standards-Version.

Author: Vincent Bernat
Revision Date: 2014-01-20 20:01:25 UTC

* Depends directly on postgresql-client instead of a particular (and
  sometimes outdated) version. Closes: #732369.
* Add mariadb-client/mariadb-server as possible alternatives for
  mysql-client/mysql-server. Closes: #732909.
* Bump Standards-Version.

Author: Vincent Bernat
Revision Date: 2014-01-20 20:01:25 UTC

* Depends directly on postgresql-client instead of a particular (and
  sometimes outdated) version. Closes: #732369.
* Add mariadb-client/mariadb-server as possible alternatives for
  mysql-client/mysql-server. Closes: #732909.
* Bump Standards-Version.

Author: Vincent Bernat
Revision Date: 2013-07-31 21:12:05 UTC

* Depends on php5-sqlite instead of php5-sqlite3. Closes: #714727.
* Add a patch to map "sqlite3" driver to "sqlite".
* Breaks/replaces older versions of roundcube-plugins-extra (zipdownload
  plugin is now part of roundcube-plugins). Closes: #714135.
* Downgrade php5-gd and php5-pspell to Recommends. Closes: #714448.
* Depends on libapache2-mod-php5 | php5 to allow support of PHP FPM.

Author: Vincent Bernat
Revision Date: 2013-07-31 21:12:05 UTC

* Depends on php5-sqlite instead of php5-sqlite3. Closes: #714727.
* Add a patch to map "sqlite3" driver to "sqlite".
* Breaks/replaces older versions of roundcube-plugins-extra (zipdownload
  plugin is now part of roundcube-plugins). Closes: #714135.
* Downgrade php5-gd and php5-pspell to Recommends. Closes: #714448.
* Depends on libapache2-mod-php5 | php5 to allow support of PHP FPM.

Author: Vincent Bernat
Revision Date: 2013-03-27 22:01:25 UTC

Fix a vulnerability allowing logged users to override any variable
which may be used to steal credentials of other users or read
arbitrary files.

Author: Vincent Bernat
Revision Date: 2013-03-27 22:01:25 UTC

Fix a vulnerability allowing logged users to override any variable
which may be used to steal credentials of other users or read
arbitrary files.

Author: Vincent Bernat
Revision Date: 2012-09-29 11:39:07 UTC

* Fix problem with some uuencoded attachments. Patch from Michał
  Mirosław. Closes: #686857.
* Don't handle old configuration files from legacy roundcube
  package. roundcube package is an empty metapackage since
  Squeeze. Closes: #688230.

Author: Vincent Bernat
Revision Date: 2012-02-07 17:37:52 UTC

* Remove roundcube-sqlite package since php5 package does not ship
  SQLite 2.x support anymore. Roundcube is incompatible with SQLite 3.x.
  Closes: #657092.
* Urgency set to high for php5 migration into testing.

Author: Vincent Bernat
Revision Date: 2011-07-13 08:33:01 UTC

[ Vincent Bernat ]
* New upstream version.
   + Fix XSS vulnerability in UI messages (Closes: #641996).
* Switch to Git for version control thanks to Jérémy
  Bobbio. debian/control updated.
* Ship INSTALL. Closes: #633698.

[ Jérémy Bobbio ]
* Re-add 'password' plugin to roundcube-plugins.

Author: Vincent Bernat
Revision Date: 2011-03-11 09:08:32 UTC

Make dbconfig-common use sqlite by default to ensure that the package
can be configured non-interactively in most cases. Closes: #617754.

Author: Vincent Bernat
Revision Date: 2010-07-17 17:23:30 UTC

* Update README.Debian to state that the variable to modify is
  'htmleditor' instead of 'enable_htmleditor'. Thanks to Hans
  Spaans. Closes: #575556.
* Add Brazilian Portuguese debconf translation, thanks to Eder
  L. Marques. Closes: #581745.
* Switch default encoding to UTF-8 instead of ISO-8859-1.
  Closes: #588084.
* Add more explanations on how to install roundcube in a Debian system
  in README.Debian. Closes: #584458, #582894.
* Bump Standards-Version. No changes required.
* Switch to 3.0 (quilt) format.
* Use Breaks instead of Conflicts to move files from older roundcube
  installations.

Author: Vincent Bernat
Revision Date: 2010-02-13 10:21:49 UTC

* RFC 5321, section 4.5.3.1, asks to not impose any limits on length if
  possible. We respect this by dropping limitation of the local-part of
  an email address. Closes: #568360, #568537.
* Suggests php-auth-sasl to enable use of SASL mechanisms for mail
  servers. Closes: #567550.
* Disable DNS prefetching to avoid information leakage through links
  embedded in messages. This fixes CVE-2010-0464. Closes: #569660.
* Bump Standards-Version. No changes required.

Author: Andrew Starr-Bochicchio
Revision Date: 2009-02-19 13:06:58 UTC

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
 - debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
 - debian/patches/cve-2008-5619.patch
  + Backport from Debian.

Author: Andrew Starr-Bochicchio
Revision Date: 2009-02-19 13:06:58 UTC

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
 - debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
 - debian/patches/cve-2008-5619.patch
  + Backport from Debian.

Author: Vincent Bernat
Revision Date: 2009-03-14 17:42:07 UTC

* New upstream release:
    + Fix use_packaged_tinymce.patch to apply to this new version
    + Remove cve-2009-0413.patch which has been applied upstream

Author: Andrew Starr-Bochicchio
Revision Date: 2009-02-19 13:06:58 UTC

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
 - debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
 - debian/patches/cve-2008-5619.patch
  + Backport from Debian.

Author: Vincent Bernat
Revision Date: 2008-06-22 12:36:59 UTC

Another fix for incorrect tinymce path. This should be the last one!

Author: Andrew Starr-Bochicchio
Revision Date: 2009-02-19 13:06:58 UTC

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
 - debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
 - debian/patches/cve-2008-5619.patch
  + Backport from Debian.

Author: Romain Beauxis
Revision Date: 2008-01-26 03:26:42 UTC

[ Vincent Bernat ]
* Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
  thanks to Micah Anderson (Closes: #455840). The patch is from
  http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
  provided by Robin Elfrink. It has been modified with some functions
  stolen from Squirrelmail.
* Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).

[ Romain Beauxis ]
* Added DM-Upload-Allowed: yes to control file.
* Moved po-debconf to Build-Dep since it is needed for clean
  target. Thanks to lintian.

Author: Romain Beauxis
Revision Date: 2007-06-05 15:22:36 UTC

* Removed custom unix_timestamp for sqlite: solved upstream
* Debconf templates and debian/control reviewed by the debian-l10n-
  english team as part of the Smith review project.
  Closes: #426086, #427546, #427546
* Debconf translation updates:
  - Galician. Closes: #426140
  - Basque. Closes: #426150
  - Czech. Closes: #426428
  - Portuguese. Closes: #426451
  - Arabic. Closes: #427110
  - Italian. Closes: #427206
  - German. Closes: #427536
  - French. Closes: #427736
  - Tamil. Closes: #428254
  - Russian. Closes: #428364
  - Spanish. Closes: #428573

Author: Vincent Bernat
Revision Date: 2009-05-16 15:30:17 UTC

* Update debconf translations:
    + German, thanks to Helge Kreutzmann. Closes: #520004.
    + Japanese, thanks to Hideki Yamane. Closes: #520024.
    + Spanish, thanks to Francisco Javier. Closes: #526696.
    + Russian, thanks to Yuri Kozlov. Closes: #528796.
* Depend on php-mdb2-* (>= 1.5.0b2) since it is needed to fix some
  bugs. Closes: #519104, #519293. Remove not needed any more patch from
  debian/patches/series. Keep it in debian/patches to help backports.