squirrelmail (2:1.4.15-3ubuntu0.3) intrepid-security; urgency=low * SECURITY UPDATE: (LP: #396306) * Server-side code injection in map_yp_alias username map. An issue was fixed that allowed arbitrary server-side code execution when SquirrelMail was configured to use the example "map_yp_alias" username mapping functionality. - Fixes incomplete fix for CVE-2009-1579 - http://squirrelmail.org/security/issue/2009-05-10 - CVE-2009-1381 - Patch taken from upstream svn rev. 13733. Applied inline. -- Andreas Wenning Tue, 07 Jul 2009 02:48:17 +0200 squirrelmail (2:1.4.15-3ubuntu0.2) intrepid-security; urgency=low * SECURITY UPDATE: (LP: #375513) * Multiple cross site scripting issues. Two issues were fixed that both allowed an attacker to run arbitrary script (XSS) on most any SquirrelMail page by getting the user to click on specially crafted SquirrelMail links. - http://squirrelmail.org/security/issue/2009-05-08 - CVE-2009-1578 - Patch taken from upstream svn rev. 13670. Applied inline. * Cross site scripting issues in decrypt_headers.php. An issue was fixed wherein input to the contrib/decrypt_headers.php script was not sanitized and allowed arbitrary script execution upon submission of certain values. - http://squirrelmail.org/security/issue/2009-05-09 - CVE-2009-1578 - Patch taken from upstream svn rev. 13672. Applied inline. * Server-side code injection in map_yp_alias username map. An issue was fixed that allowed arbitrary server-side code execution when SquirrelMail was configured to use the example "map_yp_alias" username mapping functionality. - http://squirrelmail.org/security/issue/2009-05-10 - CVE-2009-1579 - Patch taken from upstream svn rev. 13674. Applied inline. * Session fixation vulnerability. An issue was fixed that allowed an attacker to possibly steal user data by hijacking the SquirrelMail login session. - http://squirrelmail.org/security/issue/2009-05-11 - CVE-2009-1580 - Patch taken from upstream svn rev. 13676. Applied inline. * CSS positioning vulnerability. An issue was fixed that allowed phishing and cross-site scripting (XSS) attacks to be run by surreptitious placement of content in specially-crafted emails sent to SquirrelMail users. - http://squirrelmail.org/security/issue/2009-05-12 - CVE-2009-1581 - Patch taken from upstream svn rev. 13667. Applied inline. -- Andreas Wenning Tue, 12 May 2009 21:09:43 +0200 squirrelmail (2:1.4.15-3ubuntu0.1) intrepid-security; urgency=low * SECURITY UPDATE: cross site scripting issue in the HTML filter (CVE-2008-2379). LP: #306536. - functions/mime.php: from the debian package version 1.4.15-4. -- Kees Cook Mon, 15 Dec 2008 14:33:21 -0800 squirrelmail (2:1.4.15-3) unstable; urgency=high * Cookies sent over HTTPS will now be confined to HTTPS only (cookie secure flag) and more support for the HTTPOnly cookie attribute. Patch taken from upstream release. (CVE-2008-3663, closes: #499942) -- Thijs Kinkhorst Sun, 28 Sep 2008 16:33:48 +0200 squirrelmail (2:1.4.15-2) unstable; urgency=low * Update fortune location to Debian's default, thanks Richard Nelson, closes: #484835. * Conforms to Debian policy 3.8.0, no changes required. -- Thijs Kinkhorst Sun, 13 Jul 2008 15:31:17 +0200 squirrelmail (2:1.4.15-1) unstable; urgency=low * New upstream bugfix release. * Remove Sam Johnston from Uploaders. * Update README.locales to be more verbose about which locales need to be enabled on the system, thanks Daniel Hahler. (closes: #473861) * Do not install index.html under /usr/share/doc, it doesn't add much value but requires Debian-specific patching which still doesn't work well with gzipped files (closes: #457524). -- Thijs Kinkhorst Sat, 24 May 2008 09:53:35 +0200 squirrelmail (2:1.4.13-2) unstable; urgency=low * Apply Debian-specific changes that somehow got lost in the previous upload (Closes: #457597, #457524). -- Thijs Kinkhorst Sun, 23 Dec 2007 22:36:27 +0100 squirrelmail (2:1.4.13-1) unstable; urgency=low * New upstream release. -- Thijs Kinkhorst Sat, 15 Dec 2007 13:57:31 +0100 squirrelmail (2:1.4.12-1) unstable; urgency=low * New upstream release. * Minor packaging cleanups. -- Thijs Kinkhorst Thu, 06 Dec 2007 17:27:56 +0100 squirrelmail (2:1.4.11-2) unstable; urgency=low * Fix broken attachment handling in PHP4 by applying patch from upstream. NOTE: this is only a courtesy to PHP4 users, it must be noted that Debian does not support PHP4 in current unstable anymore. (Closes: #444970) -- Thijs Kinkhorst Wed, 10 Oct 2007 09:56:53 +0200 squirrelmail (2:1.4.11-1) unstable; urgency=low * New upstream release. * Remove workaround for buglet in dictionaries-common SquirrelMail interface. -- Thijs Kinkhorst Sat, 29 Sep 2007 10:41:21 +0200 squirrelmail (2:1.4.10a-2) unstable; urgency=low * Make use of new dictionaries-common SquirrelMail interface to detect the installed squirrelspell dictionaries (Closes: #420877). * Remove obsolete upgrading code. * Make sure config files are not closed with '?>' since it's then too easy to get stray whitespace at the end of the file. -- Thijs Kinkhorst Thu, 31 May 2007 19:34:29 +0200 squirrelmail (2:1.4.10a-1) unstable; urgency=high * New upstream security release. - Fixes cross site scripting in the HTML filter [CVE-2007-1262, CVE-2007-2589]. - Tweaks SMTP error message display (Closes: #403705). - Fixes address duplication on reply-all (Closes: #408242). -- Thijs Kinkhorst Thu, 10 May 2007 12:04:48 +0200 squirrelmail (2:1.4.9a-1) unstable; urgency=high * New upstream security release. - Additionally tightens HTML filter for IE <= 5 parsing absolutely everything and its horse. -- Thijs Kinkhorst Mon, 4 Dec 2006 09:18:09 +0100 squirrelmail (2:1.4.9-1) unstable; urgency=high * New upstream bugfix release. - Includes cross site scripting security fix [CVE-2006-6142]. - Includes Internet Explorer security issue workaround. - Fixes misspelled constant (Closes: #401022) -- Thijs Kinkhorst Sat, 2 Dec 2006 17:35:43 +0100 squirrelmail (2:1.4.8-3) unstable; urgency=low * Add note to README.Debian about server side sorting (Closes: #394286) and regular_globals not being supported. * Add IfModule conditionals for register_globals setting in apache.conf (Closes: #398173). -- Thijs Kinkhorst Mon, 13 Nov 2006 16:29:33 +0100 squirrelmail (2:1.4.8-2) unstable; urgency=low * Update Debian patch to display options to cope with the custom charset plugin. Thanks Tomas Kuliavas, Closes: #385300. * Suggest php[45]-ldap, Closes: #392306. * Improve package description. -- Thijs Kinkhorst Fri, 20 Oct 2006 16:36:36 +0200 squirrelmail (2:1.4.8-1) unstable; urgency=high * New upstream release - Includes security fix: variable overwriting in compose.php by logged-in user [CVE-2006-4019] - Does not ship SquirrelMail developer's documentation anymore. * Remove duplicate content from README.locales. -- Thijs Kinkhorst Fri, 11 Aug 2006 13:53:20 +0200 squirrelmail (2:1.4.7-1) unstable; urgency=low * New upstream bugfix release. + Addresses some low-impact, theoretical or disputed security bugs, for which the code is tightened just-in-case: - Possible local file inclusion (Closes: #373731, CVE-2006-2842) - XSS in search.php (Closes: #375782, CVE-2006-3174) + Adds note to db-backend.txt about postgreSQL (Closes: #376605). * Checked for standards version to 3.7.2, no changes necessary. * Update maintainer address. -- Thijs Kinkhorst Tue, 4 Jul 2006 14:49:23 +0200 squirrelmail (2:1.4.6-1) unstable; urgency=high * New upstream release. * Includes the following security fixes: - Fix IMAP command injection in sqimap_mailbox_select with upstream patch. [CVE-2006-0377] (Closes: #354063) - Fix possible XSS in MagicHTML, concerning the parsing of u\rl and comments in styles. Internet Explorer specific. [CVE-2006-0195] (Closes: #354062) - Fix possible cross site scripting through the right_main parameter of webmail.php. This now uses a whitelist of acceptable values. [CVE-2006-0188] (Closes: #354064, #355424) -- Thijs Kinkhorst Tue, 7 Mar 2006 14:56:06 +0100 squirrelmail (2:1.4.5+1.4.6rc1-1) experimental; urgency=low * Experimental package * New upstream version: 1.4.6 Release Candidate 1 Many bugfixes, amongst which the following Debian bugs: + Works with newest PHP versions (Closes: #321565, #338649). + Fixes line wrapping for unicode characters (Closes: #330372). + Add support for limiting the length of the From address display (Closes: #279682). * Add Depends alternatives for PHP5. * Add Suggests for squirrelmail-decode, the library with charset decoding functions for complex and rare character sets. * Upgrade debhelper compatibility to the recommended level 5. * Add Homepage to package description. * Move package building from the binary-arch to the binary-indep target in debian/rules. -- Thijs Kinkhorst Sat, 10 Dec 2005 18:13:43 +0100 squirrelmail (2:1.4.5-2) unstable; urgency=low [ Jeroen van Wolffelaar ] * Restore squirrelmail-configure manpage, accidently dropped in -1 * Use debhelper compat level 4 [ Thijs Kinkhorst ] * Drop obsolete symlink for attachment dir. * Do not ship upstream README, which contains hardly any information relevant to Debian. Extend README.Debian a bit. Thanks W. Borgert. * Add years to copyright statement. -- Thijs Kinkhorst Mon, 15 Aug 2005 21:06:00 +0200 squirrelmail (2:1.4.5-1) unstable; urgency=low * New upstream release. (Closes: #319531) Many bugfixes, including the following Debian bugs: + Allows to use squirrelspell with PHP safe_mode (Closes: #220156). + Has multiple alternatives for locale names (Closes: #269790). + Option to set citation marker (Closes: #274595). * Dropped a lot of patches incorporated upstream * Add debian/watch file. * If default_pref file does not exist under var, do not attempt to move it to /etc (Closes: #309628). * Fix squirrelspell to read UTF8-encoded dictionary names correctly. (Closes: #311338) * Change Depends on squirrelmail-locales into Recommends; the depends was created to ease woody -> sarge upgrades, now a recommendation is sufficient (Closes: #319382). * Update Standards-Version to 3.6.2, no changes necessary. * Clean up rusty packaging. * Add depends-alternative for libapache-mod-php4, to prevent installs that have apache1 and libapache-mod-php4 but not the php4 meta package from dragging in apache2 (Closes: #320993). -- Thijs Kinkhorst Wed, 3 Aug 2005 20:00:16 +0200 squirrelmail (2:1.4.4-6sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected the patch based on upstream input [src/options_identities.php, CAN-2005-2095] -- Martin Schulze Mon, 11 Jul 2005 15:21:59 +0000 squirrelmail (2:1.4.4-6) stable-security; urgency=high * Security fix, hence high urgency. * Apply patch provided by upstream to fix several cross site scripting flaws [CAN-2005-1769] (Closes: #314374) * Work around arbitrary variable injection via extract() [CAN-2005-2095] (Closes: #317094) -- Thijs Kinkhorst Sat, 09 Jul 2005 11:57:20 +0200 squirrelmail (2:1.4.4-5) unstable; urgency=low * Add Suggests for imapproxy. * Update README.Debian with documentation about the Recommends and Suggests of this package. * Add advice about setting default options for your specific IMAP server. * Move fix for reloading signout.php from there to auth.php, because it broke plug-ins. Patch from upstream CVS. (Closes: #304422) * Correct spelling errors in Debian documentation. * Change "no JavaScript" to "no JavaScript required" in the package description because JavaScript can be used if available but is not depended on. -- Thijs Kinkhorst Sat, 9 Apr 2005 13:35:19 +0200 squirrelmail (2:1.4.4-4) unstable; urgency=low * Make use of dictionaries-common (when available) to auto-detect spell checker settings (Closes: #283948) * Change default recommended spell checker to ispell. -- Thijs Kinkhorst Sat, 26 Mar 2005 15:28:48 +0100 squirrelmail (2:1.4.4-3) unstable; urgency=low * Move default_pref config file from /var to /etc, as per Debian policy (Closes: #293281) * [JvW] (finally) override two lintian warnings about nonstandard permissions that are intentional (Closes: #293366) -- Thijs Kinkhorst Sun, 6 Feb 2005 21:41:51 +0100 squirrelmail (2:1.4.4-2) unstable; urgency=low * Fix configtest.php to accept a non-readable data_dir, which is the default Debian configuration * [JvW] Depend on squirrelmail-locales, to ease upgrades woody->sarge (Closes: #292490) * Extend README.locales with information about the squirrelmail-locales package and add hint that a restart of Apache might be needed * Limit access to configtest.php to just localhost, to prevent information leakage (Closes: #293133) -- Thijs Kinkhorst Tue, 1 Feb 2005 14:26:41 +0100 squirrelmail (2:1.4.4-1) unstable; urgency=high * New upstream version: 1.4.4 + Security: Added hook for Preferences Backend to resolve potential local file inclusion resulting in arbitrary code execution, warranting high urgency [CAN-2005-0075] + Security: Fix potential file inclusion issues in src/webmail.php. [CAN-2005-0103] + Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104] * Thijs Kinkhorst: Add missing docs to squirrelmail.docs file (Closes: #289088) Thanks a lot to Thijs Kinkhorst who worked hard to get 1.4.4 released, and helped tremendously with the packaging for Debian -- Jeroen van Wolffelaar Sat, 22 Jan 2005 23:33:16 +0100 squirrelmail (2:1.4.3a+1.4.4rc1-0exp1) experimental; urgency=low * Experimental package * New upstream version: 1.4.4 Release Candidate 1 + Fixes broken theme select box (Closes: #286374) + Fixes wrong German translation (Closes: #282829) + Fixes broken Unicode encoding (Closes: #270626) + Fixes signout error when timed out (Closes: #275941) + Removed several backported patches that are in 1.4.4 now * Locales are not in the squirrelmail package anymore, but a separate package, start to recommend it (squirrelmail-locales) -- Jeroen van Wolffelaar Mon, 3 Jan 2005 00:28:32 +0100 squirrelmail (2:1.4.3a-3) unstable; urgency=high * Fix security issue: a remote attacker can compromise an account by sending a specially-crafted email containing JavaScript in a RFC2047 encoded header [CAN-2004-1036] (Closes: #280591) * Fix spelling mistake in the name of Thijs Kinkhorst in Uploaders -- Jeroen van Wolffelaar Tue, 16 Nov 2004 12:26:43 +0100 squirrelmail (2:1.4.3a-2) unstable; urgency=medium * Put myself as maintainer, and Sam Johnston as co-maintainer. Thijs Kinkhorst will also keep assisting in this package, he's co-maintainer too now. Thanks Sam, for the work you're putting into squirrelmail. * Checked for policy compliance with 3.6.1, no changes were needed, updated Standards-Version * Fix conf.pl detection of magic $domain contents (Closes: #271374) * Default to use /etc/mailname if it exists as default domain, use /etc/hostname only as fallback, as indicated by policy 11.6 (Mail transport, delivery and user agents) * cron.daily now checks whether the to-be-cleaned directory actually exists, and exits gracefully if not (Closes: #272046) * Now really fix the default apache.conf ssl-redirection example, also noted that it's just that, an example, and might not always work (Closes: #267777) -- Jeroen van Wolffelaar Wed, 22 Sep 2004 00:59:48 +0200 squirrelmail (2:1.4.3a-1) unstable; urgency=low * Signed and incremented by maintainer on vacation. Closes: #255752. * Updated SSL RewriteCond directive to resolve loop. Closes: #267777. -- Sam Johnston Tue, 24 Aug 2004 23:27:24 +1000 squirrelmail (2:1.4.3a-0.3) unstable; urgency=low * Non-Maintainer Upload in cooperation with Thijs Kinkhorst * Applied patch from stable CVS that refuses to LOGIN (plaintext IMAP-authentication) if the server advertises that is not supported, and gives an appropriate error message (Closes: #266099) * Don't put a newline in $domain in the default config -- Jeroen van Wolffelaar Thu, 19 Aug 2004 01:08:01 +0200 squirrelmail (2:1.4.3a-0.2) unstable; urgency=medium * Non-Maintainer Upload in cooperation with Thijs Kinkhorst * [TK] Apply simple patch from upstream stable CVS fixing sending of RFC-violating Message-ID's (class/deliver/Deliver.class.php r1.18.2.11 & r1.18.2.12) * Remove symlink in /var/www/ that kept being recreated, updated README.Debian accordingly (Closes: #261102) * Prevent dh_fixperms from resetting special permission of /var/lib/squirrelmail/data/ and /var/spool/squirrelmail/attach/, so that the buggy workaround in postinst can be removed (Closes: #263936) * Suggests php4-pear now (useful for database-backed preferences and addressbooks) -- Jeroen van Wolffelaar Fri, 13 Aug 2004 14:46:25 +0200 squirrelmail (2:1.4.3a-0.1) unstable; urgency=low * Non-Maintainer Upload in cooperation with Thijs Kinkhorst , upstream SquirrelMail developer * Reverted away from the development branch to the stable branch (Closes: #232995) - This re-introduces the translations (Closes: #232944) - Experimental mailbox-tree code is 1.5.x only (Closes: #231687, #233550, also closes: #250411) - imap_general experimental code was buggy in 1.5.0 only (Closes: #246097) - A buggy CRAM-MD5 check was 1.5.0 only too (Closes: #239566) * New upstream * Backport fix that was already in the 1.5.0 package fixing RFC3501 compliance for mailbox naming, keeping #176590 and #215183 closed (by Thijs, he committed it in upstream CVS on the 1.4 branch as functions/imap_mailbox.php 1.172.2.11) * Prefer apache2 and its php4 module in the Depends (Closes: #250303, #251656) * Dropped dependency on php4-pear, and added a proper error when using the preferences/addressbook-in-database feature suggesting to install it * Turn register_globals off for SquirrelMail, rather than on, since this is supported (even recommended) for nowaday's SquirrelMail * Add debhelper tokens to the postinst and postrm, this removes the now needless debconf purge on package purge, and the debconf dependency * On purge, remove user data in /var/{lib,spool}/squirrelmail too * Stop distributing UPGRADE and a duplicate copy of the upstream changelog * In README, tell about README.Debian instead of referring to 'INSTALL' * The README.Debian is more clear about configuring with Apache * Update 'copyright' file with general download location and correct the copyright holder to "The SquirrelMail Project Team". * In index.html, have proper (though still not complete) references to available documents in /usr/share/doc/squirrelmail (Closes: #246722) * Removed bogus 'Closes' line in last changelog entry -- Jeroen van Wolffelaar Tue, 22 Jun 2004 19:37:36 +0200 squirrelmail (1:1.5.0-1) unstable; urgency=low * New upstream release. * RFC3501 compliance for mailbox naming (eg trailing spaces). Closes: #176590, #215183. * Adds a squirrelmail symlink in /var/www/. Closes: #229282. * Adds PHP safe_mode workaround to README.Debian. Closes: #222071. * Adds daily cron job to clean attachments directory. Closes: #228400. * Checks for config_default.php before copying in postinst. Closes: #229737. -- Sam Johnston Wed, 4 Feb 2004 01:42:12 +1100 squirrelmail (1:1.4.2-1) unstable; urgency=medium * New upstream release. Closes: #204058. * Significant improvements over (broken) 1.4.0-1 package. * PHP compatability fixes. Closes: #202368. * conf.pl corrupts theme paths issue resolved. Closes: #175773, #180108, #188441, #190315, #190923, #191028. * Backwards compatible with stripped path themes (previous debs). * Highlighting issue (1.4.0) resolved. Closes: #188631. * Rendering issues with problem emails resolved. Closes: #205572. * Resource utilisation improvements. Closes: #191856, #189602. * README reference to upstream INSTALL document updated. Closes: #173367, 178951. * All known XSS exploits resolved. Closes: #167471. * Folder list refreshes on login. Closes: #165753. * $domain variable set to contents of /etc/hostname. Closes: #198747. * Trims of HTTP_HOST port number for use in SMTP HELO. Closes: #200108. * Fails gracefully when IMAP server unavailable. Closes: #192239. * Recommends rather than depends on spell checker. Closes: #193680. * DirectoryIndex directive added to apache.conf. Closes: #201022. * Plugin config(s) moved to /etc. Closes: #146416. * Properly handles accents and tildes in To:, Subject: etc headers. Closes: #150338, #179166. * No (broken) 'Save' button in printable version. Closes: #185602. * Removes /usr/share/squirrelmail/data iff is is a symbolic link. Closes: #188143. * Resolves policy violation by replacing conf.pl (executable in /etc) with a symlink to /usr/sbin/squirrelmail-configure. Closes: #163995. -- Sam Johnston Mon, 6 Oct 2003 07:44:12 +1000 squirrelmail (1:1.4.0-1) unstable; urgency=low * New upstream release. Closes: #179864, 134237. * Resolves XSS security issues. Closes: #182008. * Resolves default theme login problem. Closes: #174262. * conf.pl cwd calls hardwired. Closes: #173516. * conf.pl no longer breaks existing configs. Closes: #175773. * blank lines no longer removed by compose.php. Closes: #175842. * proto checking more robust. Closes: #178130. * uses /etc/mailname instead of mydomain.com. Closes: #181619, 176777. * added https redirect to example apache.conf. Closes: #172938. * depends on php4-pear. Closes: #173256. * indent problem resolved. Closes: #186506. * no longer creates data symlink, removes existing. Closes: #181537. * default_pref is a conffile - no longer written over. Closes: #178815. -- Sam Johnston Tue, 8 Apr 2003 02:06:40 +1000 squirrelmail (1:1.3.2+1.4.0rc1-1) unstable; urgency=low * New upstream release candidate -- Sam Johnston Thu, 2 Jan 2003 09:03:47 +1100 squirrelmail (1:1.3.2-2) unstable; urgency=high * Fixed cross site scripting problem in read_body.php (BugTraq ID 6302, CAN-2002-1341) -- Sam Johnston Sun, 22 Dec 2002 03:56:23 +1100 squirrelmail (1:1.3.2-1) unstable; urgency=low * New upstream release - tracking development * Removed debconf/wwwconfig scripts. Closes: #164605, #136612, #137165. * Fixed dependencies (php4-cgi httpd). Closes: #152062, #152882. * Japanese patch included upstream. Closes: #159454. * Folder rename issue resolved upstream. Closes: #166297. * display_messages doc root issue resolved upstream. Closes: #165103. -- Sam Johnston Thu, 7 Nov 2002 12:02:23 +1100 squirrelmail (1:1.2.8-1) unstable; urgency=low * New upstream release -- Sam Johnston Mon, 7 Oct 2002 23:37:40 +1000 squirrelmail (1:1.2.7-1) unstable; urgency=low * New upstream release -- Sam Johnston Mon, 24 Jun 2002 01:08:23 +1000 squirrelmail (1:1.2.6-1) unstable; urgency=high * New upstream *SECURITY* release * Resolves local unprivileged exploit. Closes: #144496. * Adds README.locales with information about languages. Closes #143277. * Resolves typo in conf.pl (Save data repeated). Closes: #140506. * Adds russian templates for debconf. Closes #136612, #137165. -- Sam Johnston Tue, 30 Apr 2002 18:53:46 +1000 squirrelmail (1:1.2.5-1) unstable; urgency=low * New upstream release. Closes: #138181. * Fixed typo in debconf template. Closes: #131755. * Installs default config_default.php file on new installations. Closes: #136776. -- Sam Johnston Tue, 19 Mar 2002 01:51:08 +1100 squirrelmail (1:1.2.4-1) unstable; urgency=high * New upstream *SECURITY* release * Fixes remote exploit in squirrelspell plugin. Closes: #130754. -- Sam Johnston Sat, 26 Jan 2002 06:22:30 +1100 squirrelmail (1:1.2.3-2) unstable; urgency=low * Resolves theme path issue (themes work again). Closes: #129406. -- Sam Johnston Thu, 24 Jan 2002 03:46:14 +1100 squirrelmail (1:1.2.3-1) unstable; urgency=medium * New upstream release -- Sam Johnston Wed, 23 Jan 2002 03:12:34 +1100 squirrelmail (1:1.2.2.20020116-1) unstable; urgency=low * New upstream release (tracking CVS due to problems with releases, PHP 4.1 migration, etc.) Closes: #128228. * Fixes typo in the control file (description). Closes: #129350. * Uses php_flags syntax for register_globals workaround. Closes: #128226. * Resolves conf.pl hanging problem by calling db_stop from maintainer scripts when debconf is finished with. Closes: #128142. * Various fixes to keep lintian happy -- Sam Johnston Thu, 17 Jan 2002 02:49:05 +1100 squirrelmail (1:1.2.2-2) unstable; urgency=medium * Added support for apache-ssl. SSL (not necessarily apache-ssl) is recommended for all installations which involve sessions over untrusted networks as passwords are sent in clear text, and message contents may be confidential. Closes: #114545, #115140. * Added preliminary debconf support for selecting webserver type for autoconfiguration (we can set up PHP, and #include the SquirrelMail apache.conf file in most cases, avoiding the need for any manual changes). Closes: #125590. -- Sam Johnston Wed, 2 Jan 2002 17:23:56 +1100 squirrelmail (1:1.2.2-1) unstable; urgency=medium * New upstream release * Resolved problem finding plugins by replacing relative plugin dir references with absolute references. Closes: #115163. * Resolved problem finding themes by removing relative themes dir (unnecessarily included in each theme definition), instead hardcoding it in the php script(s) which reference themes. Closes: #116285. * Resolved conf.pl problems preventing it from being executed from outside the squirrelmail dir by referencing /etc/squirrelmail. Closes: #119859. * Suggests imap-server. Does not depend as many (most?) sites will/ should be running SM on a separate machine. Feedback about this decision welcome. Closes: #114543. * Suggests ispell | aspell as SquirrelSpell is now included in the main distribution. The sqspell config file is now a conffile to prevent overwrites. -- Sam Johnston Wed, 2 Jan 2002 15:20:07 +1100 squirrelmail (1:1.2.0-1) unstable; urgency=low * New upstream release * Plugin detection/symlink problem in conf.pl fixed * Merry Christmas -- Sam Johnston Tue, 25 Dec 2001 18:31:05 +1100 squirrelmail (1.2.0-rc3-2) unstable; urgency=low * Edited apache configuration to resolve 404 errors. There is some discussion upstream about incompatibilities between SM and PHP 4.1.0, including a discussion about get_location returning null so I expect these issues will be resolved by the (christmas day) release of 1.2.0. Closes #125866. -- Sam Johnston Thu, 20 Dec 2001 11:37:00 +1100 squirrelmail (1.2.0-rc3-1) unstable; urgency=low * New upstream release * Fixed up description formatting problem. Closes: #114871 * Removed require_once patches applied in rc2-2. Fixed upstream. * Fixed password parsing problem. Closes: #115225 * Speed improvements and optimisations * Several plugins integrated into the core or added as 'official' * New paginator, rewrite of option pages code, etc. -- Sam Johnston Sun, 16 Dec 2001 23:53:36 +1100 squirrelmail (1.2.0-rc2-3) unstable; urgency=low * Created a fairly intelligent script for packaging up plugins. It goes by the name of smpackage and it lives in the examples directory, for want of a better home. * Uploaded 40-something libsquirrelmail-* plugin packages. Enjoy. -- Sam Johnston Mon, 8 Oct 2001 03:16:24 +1000 squirrelmail (1.2.0-rc2-2) unstable; urgency=low * Resolved problems with redeclaring functions by replacing include()s with require_once()s * Closes: 114531 -- Sam Johnston Fri, 5 Oct 2001 18:18:53 +1000 squirrelmail (1.2.0-rc2-1) unstable; urgency=low * New upstream release -- Sam Johnston Wed, 3 Oct 2001 00:08:20 +1000 squirrelmail (1.0.6-2) unstable; urgency=low * Added support to conf.pl for automated plugin installation and removal -- Sam Johnston Tue, 2 Oct 2001 22:15:25 +1000 squirrelmail (1.0.6-1) unstable; urgency=low * Initial Release * Kudos to Bart Bunting for his initial work on packaging squirrelmail * Closes #86125 -- Sam Johnston Tue, 2 Oct 2001 21:39:10 +1000 vim: et