horde3 (3.3.6+debian0-2) unstable; urgency=low * Correct debian/links * Updated check for upstream JS libs * Add call to dh_link (Closes: #562138 imp4: Javascript problems after upgrade) -- Mathieu Parent Sat, 26 Dec 2009 00:27:55 +0100 horde3 (3.3.6+debian0-1) unstable; urgency=low * New upstream release. * Change my email address, as I am now Debian developer * Replace config symlink by update-alternatives to allow configuration packages -- Mathieu Parent Sun, 20 Dec 2009 16:39:57 +0100 horde3 (3.3.5+debian0-1) unstable; urgency=high [ Gregory Colpart ] * New upstream release. * This version is mainly for fixing security bugs, in particular a vulnerability in image form fields that allows overwriting of arbitrary local files. See CVE-2009-3236 for more information. (Closes: #547318) * Adjust branch names in debian/rules for refresh-patches. * Add patch-stamp in COPY_EXCLUDE (oops). * Add php-mdb2* packages in Recommends (Closes: #528927). * Update to standards version 3.8.3, no further required changes. [ Mathieu Parent ] * Install /etc/horde/horde3/registry.d directory -- Gregory Colpart Sun, 20 Sep 2009 20:00:25 +0200 horde3 (3.3.4+debian0-1) unstable; urgency=low * New upstream release. * Change Vcs-Browser field (migrate a --bare git repository on alioth). * Update to standards version 3.8.1, no further required changes. -- Gregory Colpart Sat, 02 May 2009 03:46:44 +0200 horde3 (3.3.3+debian0-1) unstable; urgency=low * New upstream release. (Closes: #513015) * This new version has a lot of fixes and improvements, and includes some changes backported previously. * Add "Git patches" stuff in debian/rules. * Add horde PEAR channel within pear-horde-channel package. (Closes: #514007) * Add Mathieu Parent in Uploaders: field. * We use now Git, upgrade Vcs-* in debian/control. -- Gregory Colpart Sun, 15 Mar 2009 19:22:50 +0100 horde3 (3.2.2+debian0-2) unstable; urgency=high * Add informations in README.Debian about test.php files: these files should not be "allow from all", because test.php includes private informations and could be unsafe (for example see CVE-2008-4182). * Include a patch from Horde upstream to fix an IE-only hole in XSS filter (See CVE-2008-5917 for more information). (Closes: #512592) * Include patches from Horde upstream to fix a file inclusion issue in Horde_Image driver name (Image/Image.php) and an unescaped output in the tag cloud block (services/portal/cloud_search.php). (Closes: #513265) -- Gregory Colpart Thu, 29 Jan 2009 01:15:51 +0100 horde3 (3.2.2+debian0-1) unstable; urgency=high * New upstream release. * This version is mainly for fixing two security bugs: unescaped output in the MIME library and improve the XSS filter for HTML (See CVE-2008-3823 for more information). (Closes: #499579) * Add changelog entry with CVE ID in changelog for 3.2.1+debian0-1. * Fix misspelling in Recommends: field. (Closes: #499001) * Improve upgrade path Etch->Lenny with forcing to show diff of /etc/horde/horde3/registry.php because all horde components are now inactive by default. (Closes: #493885) * Change Gregory Colpart's email address in debian/control file. -- Gregory Colpart Mon, 22 Sep 2008 03:28:05 +0200 horde3 (3.2.1+debian0-2) unstable; urgency=low [ Mathieu Parent ] * debian/rules: remove js/src/* in the target directory instead of the source directory [ Gregory Colpart (evolix) ] * Backport patch from Horde CVS to fix a MIME handling bug. Thanks to Marc Dequènes to report it. (Closes: #490125) * Adjust dependencies (php5-gd, php5-mcrypt, php-mail and php-mail-mime are now required; php5-cli is now recommended, etcetera). * Execute now temp-cleanup.cron script as www-data instead of root, and redirect errors to /dev/null. * Add cron script for Alarms. * Allow only www-data to read Horde configuration files. (Closes: #432814) * Adjust watch file with adding dversionmangle option. * Fix line-too-long lintian warnings in debian/copyright. * Disable all Horde components by default, and initial configuration settings to avoid broken pages. (Closes: #487799, #486679) -- Gregory Colpart (evolix) Mon, 21 Jul 2008 04:06:39 +0200 horde3 (3.2.1+debian0-1) unstable; urgency=low * New upstream release. * This new version has major changes compared to the previous version: an alarm system that can send email, generate inline notifications, and play sounds for events in any Horde application; support for read and write databases; operation when the database is down; many performance improvements, several slick new themes; WCAG 1.0 Priority 2/Section 508 accessibility guidelines compliance; full Kolab webclient support; many improvements in the JavaScript and user interface; a new tree view for Help along with keyword search; support for memcache clustering; and many, many bug fixes and small enhancements. * This new upstream release fixes a security bug: a small XSS/unescaped output in obrowser (See CVE-2008-3330 and #492578 for more informations). * With this new version: remove of backported patch for correcting invalid entities in es_ES (#461400) and manual merge for config/mime_drivers.php.dist and config.conf.xml for keeping Debian specific patches. * Thanks to Mathieu Parent for his help/patches for this package. * Repack upstream source to remove fckeditor, tinymce and scriptaculous (size of upstream source is now instead 7 Mo instead of 8 Mo). * Added a check in debian/rules to make sure that those external libs are not in the orig.tar.gz * A lot of improvements in debian/copyright file. * Some adjustements in debian/rules: remove exec rights for xml/png/gif/css/ js/jpg/html/htm files, no more need to remove empty directories and copy CREDITS file. * Link some *.js files with libjs-scriptaculous package. * Link editors (tinymce and fckeditor) with tinymce2 and fckeditor packages. * Add unrtf and libwpd-tools in "Suggests" field. * Add patch to keep PAM authentication stays compatible with precedent version (and with php5-auth-pam package). Add php5-auth-pam to Suggests: field. * Update to standards version 3.8.0, no further required changes. -- Gregory Colpart (evolix) Sat, 14 Jun 2008 17:14:51 +0200 horde3 (3.1.7-1) unstable; urgency=high * New upstream release. * This new version has security fix: fix arbitrary file inclusion through abuse of the theme preference (see CVE-2008-1284 for more informations). (Closes: #470640) * Fix typo in debian/rules comments. * Add php-net-imap package in "Suggests" field. (Closes: #470283) * Add libgeoip1 package in "Suggests" field. (Closes: #376935) -- Gregory Colpart (evolix) Sat, 15 Mar 2008 14:00:34 +0100 horde3 (3.1.6-1) unstable; urgency=high * New upstream release. * This new version has security fixes : privilege escalation in the Horde API and XSS vulnerabilities (see CVE-2007-6018 for more informations). (Closes: #461131) * This new version fixes also translation error in it_IT locale (Closes: #459555) * Import fix from Horde CVS to correct invalid entities in es_ES translantion (thanks to Adrian Santos Marrero ) (Closes: #461400) * Update to standards version 3.7.3, no further required changes. * Use now Vcs-* fields in debian/control. * Remove empty directories which causes lintian warnings. * Bump debhelper compat level to 5. * Add Homepage field. -- Gregory Colpart (evolix) Sun, 20 Jan 2008 20:52:59 +0100 horde3 (3.1.4-2) unstable; urgency=low [ Gregory Colpart (evolix) ] * Added XS-VCS-* fields in debian/control. * Typo in previous changelog. [ Ola Lundqvist ] * Correction of log file problem in configuration file, closes: #452351. * Document that the echo line need to be removed as well, closes: #456908. -- Ola Lundqvist Sat, 22 Dec 2007 11:21:40 +0100 horde3 (3.1.4-1) unstable; urgency=high * New upstream release. * Transition to PHP5 for Recommends and Suggests fields. (Closes: #432237) * Remove old phpapi-* from Depends: (Closes: #420644) * Clean Depends, Recommends and Suggests fields. * Remove exec right for XML files in debian/rules. * Add locales in Recommends. * Disable upstream _detect_webroot() function (unusable in Debian). * Fix XSS vulnerability. See CVE-2007-1473 for more information. (Closes: #434045) -- Gregory Colpart (evolix) Tue, 24 Jul 2007 18:48:35 -0400 horde3 (3.1.3-5) unstable; urgency=low * Changed webroot from /horde to /horde3, especially regarding cookie handling, closes: #391493. -- Ola Lundqvist Mon, 21 May 2007 07:03:41 +0200 horde3 (3.1.3-4) unstable; urgency=high * Correction for arbitrary file deletion vulnerability, closes: #415116. Thanks to Paul TBBle Hampson for providing the patch. -- Ola Lundqvist Sat, 24 Mar 2007 21:19:05 +0100 horde3 (3.1.3-3) unstable; urgency=low * Recommend php-db (closes: #400277) -- Lionel Elie Mamane Sat, 27 Jan 2007 19:38:21 +0100 horde3 (3.1.3-2) unstable; urgency=low * Changed the default cookie path from /horde to horde3, closes: #391493. Thanks for Gregory Colpart for committing this change and to Lorenzo Bettini for suggesting it. -- Ola Lundqvist Mon, 9 Oct 2006 14:00:35 +0200 horde3 (3.1.3-1) unstable; urgency=low * New upstream version, closes: #383416. This is a bugfix release to correct CVE-2006-4256. * Now suggests gettext, closes: #385457. -- Ola Lundqvist Sun, 3 Sep 2006 12:34:06 +0200 horde3 (3.1.2-1) unstable; urgency=medium * New upstream release. One of the following is true: - This release fixes security problems CVE-2006-3549 and CVE-2006-3548 - These security problems were already fixed in the past in the Debian branch. - These security problems were already partially fixed in the past in the Debian version and this release mops up the rest. In all cases, closes: #378281 * Tweak README.Debian and example config a bit (closes: #373235) * Make the PHP tempdir configurable instead of hardcoded in the weekly cleanup script (closes: #376526) * Put the CREDITS file where the online help viewer expects it (closes: #357377) * Bump up Standards-Version -- Lionel Elie Mamane Sun, 16 Jul 2006 13:12:10 +0200 horde3 (3.1.1-4) UNRELEASED; urgency=low * Put debhelper in Build-Depends, not B-D-Indep. -- Lionel Elie Mamane Fri, 16 Jun 2006 11:49:45 +0200 horde3 (3.1.1-3) unstable; urgency=high * The SuSE maintainer found several XSS isses in Horde. See CVE-2006-2195 for more information. Thanks to Moritz Muehlenhoff for providing the patch. -- Ola Lundqvist Wed, 14 Jun 2006 09:36:43 +0200 horde3 (3.1.1-2) unstable; urgency=low * Correcting the dependencies for php5. * Jose Carlos Medeiros no longer maintainer of this package. -- Ola Lundqvist Sat, 6 May 2006 21:01:48 +0200 horde3 (3.1.1-1) unstable; urgency=high [ Lionel Elie Mamane ] * New upstream version - Close remote arbitrary command execution hole (closes: #360023) CVE-2006-1491 * Really exclude {arch} directory from being installed in binary package. -- Lionel Elie Mamane Thu, 6 Apr 2006 19:14:56 +0200 horde3 (3.1-2) UNRELEASED; urgency=low [ Lionel Elie Mamane ] * Conflict with versions of turba2 we break compatibility with. (closes: #360231) -- Lionel Elie Mamane Fri, 31 Mar 2006 23:08:02 +0200 horde3 (3.1-1) unstable; urgency=low [ Lionel Elie Mamane ] * Tweak the "Admin interface disabled because insecure" message. [ Ola Lundqvist ] * Updated to upstream version 3.1, closes: #356186, #356526. With correction for CVE-2006-1260 file disclosure vulnerability. Closes: #358812. This version correct CVE-2005-4190 as well, closes: #354512. * Modified dependencies in order to support php5 and to support recent installations of php4, closes: #353612, #359700, #359208. -- Ola Lundqvist Tue, 28 Mar 2006 20:58:38 +0200 horde3 (3.0.9-3) unstable; urgency=low * Move to team maintainership. * Make sure that {arch} is not a part of installed dir. -- Ola Lundqvist Sun, 12 Mar 2006 21:40:35 +0100 horde3 (3.0.9-2) unstable; urgency=high * Correct fix for weatherdotcom. -- Ola Lundqvist Fri, 16 Dec 2005 20:50:01 +0100 horde3 (3.0.9-1) unstable; urgency=high * New upstream release that correct a cross site scripting vulnerability as described in CVE-2005-4190, closes: #342942. * Documented that horde is incompatible with php4 session.auto_start option in the README.Debian file, closes: #341695. * Added php-mail to recommends list, closes: #339135. * Applied a patch to make weatherdotcom work, closes: #342161. Thanks to Giuseppe Iuculano . * Documented how to add alias to apache config, closes: #306605. * Changed the initial config message slightly, closes: #341358. -- Ola Lundqvist Fri, 16 Dec 2005 17:51:15 +0100 horde3 (3.0.7-1) unstable; urgency=high * New upstream release. This version fix cross site scripting vulnerabilities (CVE-2005-3759), closes: #340323. -- Ola Lundqvist Tue, 22 Nov 2005 22:45:59 +0100 horde3 (3.0.6-1) unstable; urgency=low * New upstream release. * Added phpapi-20041030 to the supported api versions (to support php5), closes: #333155. * Fixed so files in etc are rewritten the same was as files in usr/share, closes: #319780. * Updated to standards version 3.6.2. * Corrected to new FSF address. -- Ola Lundqvist Sat, 5 Nov 2005 16:11:03 +0100 horde3 (3.0.5-4) unstable; urgency=low * Minor fix for README.Debian file. * Added suggests of php4-mhash, closes: #335913. * Corrected dependency on php4, closes: #329940. * Corrected problem with ispell and Brazilian Language, closes: #328155. Thanks to Jose Carlos Medeiros for the fix. -- Ola Lundqvist Sat, 5 Nov 2005 12:40:43 +0100 horde3 (3.0.5-3) unstable; urgency=high * Improved description on why horde3 is disabled by default. -- Ola Lundqvist Sun, 9 Oct 2005 12:54:43 +0200 horde3 (3.0.5-2) unstable; urgency=high * Configuration disabled by default, closes: #332290, #332289. * Removed some crap from the README.Debian file, closes: #332276. -- Ola Lundqvist Sat, 8 Oct 2005 21:10:48 +0200 horde3 (3.0.5-1) unstable; urgency=low * New upstream release, closes: #325146, #315571, #325727, #321490, #309729, #304186. * Added gollem to suggest list, closes: #325492. * Added webcpp, chora2, xlhtml, ppthtml, wv, source-highlight, enscript and rpm to suggest list, closes: #309657, #326066. * Patched config/mime_drivers.php.dist so that no /usr/local is used for programs that exist in Debian archive, closes: #309661. -- Ola Lundqvist Fri, 9 Sep 2005 22:53:15 +0200 horde3 (3.0.4-4) unstable; urgency=low * Added conflict on horde so removing horde do not cause configuration removal in horde3, closes: #307623. -- Ola Lundqvist Wed, 4 May 2005 23:08:08 +0200 horde3 (3.0.4-3) unstable; urgency=medium * Removed post* and pre* files becuase they contain nothing that should remain. * Fixed dependency problem, closes: #294026. * Added a note about configuration to README.Debian, closes: #304086. -- Ola Lundqvist Sun, 17 Apr 2005 14:27:31 +0200 horde3 (3.0.4-2) unstable; urgency=low * Fixed permission problem on log file. * Updated copyright file. It actually use LGPL and not GPL. * Removed unnecessary config dir in /etc/horde/horde3. -- Ola Lundqvist Sun, 10 Apr 2005 19:51:55 +0200 horde3 (3.0.4-1) unstable; urgency=low * New upstream release. -- Ola Lundqvist Mon, 4 Apr 2005 08:11:18 +0200 horde3 (3.0.3-1) unstable; urgency=low * New upstream release. Jose Carlos Medeiros have helped a lot with this version. -- Ola Lundqvist Thu, 17 Feb 2005 15:41:33 -0200 horde3 (3.0.2-1) unstable; urgency=low * New upstream release. * Cooperated with Roberto Sanchez in order to complete this version. -- Ola Lundqvist Fri, 7 Jan 2005 13:41:54 +0100 horde3 (3.0.1-1) unstable; urgency=low * New upstream release. -- Ola Lundqvist Thu, 6 Jan 2005 16:35:23 +0100 horde3 (3.0-1) unstable; urgency=low * Initial Release. -- Ola Lundqvist Sat, 1 Jan 2005 14:51:04 +0100