2009
squirrelmail (2:1.4.20~rc2-1) unstable; urgency=medium
* New upstream release candidate.
+ Addresses cross site request forgery (CVE-2009-2964,
closes: #543818).
* Update to policy 3.8.3, no changes necessary.
-- Thijs Kinkhorst <thijs@debian.org> Sun, 27 Sep 2009 16:46:03 +0200
squirrelmail (2:1.4.19-1) unstable; urgency=high
* New upstream release.
+ Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381]
+ Fixes filter plugin regression (closes: #529328)
-- Thijs Kinkhorst <thijs@debian.org> Thu, 21 May 2009 20:16:48 +0200
squirrelmail (2:1.4.18-1) unstable; urgency=high
* New upstream release.
+ Addresses several security issues (closes: #528528):
CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581.
* Update to debhelper 7 and policy 3.8.1.
* Make squirrelmail.cron.daily cope with the administrator
enabling the hashed dir feature, thanks Marcello Nuccio
(closes: #508287).
* Update Recommends and Suggests:
+ Remove all php4-related relations.
+ Add recommends for php5-mcode which speeds up crypto.
+ Suggest php5-recode for some character sets.
+ Recommend plugins: squirrelmail-viewashtml for HTML mail,
squirrelmail-logger to provide logging.
(closes: #523966, #527964)
-- Thijs Kinkhorst <thijs@debian.org> Wed, 13 May 2009 19:42:57 +0200
2008
squirrelmail (2:1.4.15-4) unstable; urgency=high
* Address cross site scripting issue in the HTML filter
(CVE-2008-2379).
-- Thijs Kinkhorst <thijs@debian.org> Sun, 07 Dec 2008 16:18:03 +0100
squirrelmail (2:1.4.15-3) unstable; urgency=high
* Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942)
-- Thijs Kinkhorst <thijs@debian.org> Sun, 28 Sep 2008 16:33:48 +0200
squirrelmail (2:1.4.15-2) unstable; urgency=low
* Update fortune location to Debian's default, thanks
Richard Nelson, closes: #484835.
* Conforms to Debian policy 3.8.0, no changes required.
-- Thijs Kinkhorst <thijs@debian.org> Sun, 13 Jul 2008 15:31:17 +0200
squirrelmail (2:1.4.15-1) unstable; urgency=low
* New upstream bugfix release.
* Remove Sam Johnston from Uploaders.
* Update README.locales to be more verbose about which locales
need to be enabled on the system, thanks Daniel Hahler.
(closes: #473861)
* Do not install index.html under /usr/share/doc, it doesn't add
much value but requires Debian-specific patching which still
doesn't work well with gzipped files (closes: #457524).
-- Thijs Kinkhorst <thijs@debian.org> Sat, 24 May 2008 09:53:35 +0200
2007
squirrelmail (2:1.4.13-2) unstable; urgency=low
* Apply Debian-specific changes that somehow got lost in the
previous upload (Closes: #457597, #457524).
-- Thijs Kinkhorst <thijs@debian.org> Sun, 23 Dec 2007 22:36:27 +0100
squirrelmail (2:1.4.13-1) unstable; urgency=low
* New upstream release.
-- Thijs Kinkhorst <thijs@debian.org> Sat, 15 Dec 2007 13:57:31 +0100
squirrelmail (2:1.4.12-1) unstable; urgency=low
* New upstream release. * Minor packaging cleanups.
-- Thijs Kinkhorst <thijs@debian.org> Thu, 06 Dec 2007 17:27:56 +0100
squirrelmail (2:1.4.11-2) unstable; urgency=low
* Fix broken attachment handling in PHP4 by applying patch
from upstream.
NOTE: this is only a courtesy to PHP4 users, it must be noted
that Debian does not support PHP4 in current unstable anymore.
(Closes: #444970)
-- Thijs Kinkhorst <thijs@debian.org> Wed, 10 Oct 2007 09:56:53 +0200
squirrelmail (2:1.4.11-1) unstable; urgency=low
* New upstream release. * Remove workaround for buglet in dictionaries-common SquirrelMail interface.
-- Thijs Kinkhorst <thijs@debian.org> Sat, 29 Sep 2007 10:41:21 +0200
squirrelmail (2:1.4.10a-2) unstable; urgency=low
* Make use of new dictionaries-common SquirrelMail interface to
detect the installed squirrelspell dictionaries (Closes: #420877).
* Remove obsolete upgrading code.
* Make sure config files are not closed with '?>' since it's then
too easy to get stray whitespace at the end of the file.
-- Thijs Kinkhorst <thijs@debian.org> Thu, 31 May 2007 19:34:29 +0200
squirrelmail (2:1.4.10a-1) unstable; urgency=high
* New upstream security release.
- Fixes cross site scripting in the HTML filter
[CVE-2007-1262, CVE-2007-2589].
- Tweaks SMTP error message display (Closes: #403705).
- Fixes address duplication on reply-all (Closes: #408242).
-- Thijs Kinkhorst <thijs@debian.org> Thu, 10 May 2007 12:04:48 +0200
2006
squirrelmail (2:1.4.9a-1) unstable; urgency=high
* New upstream security release.
- Additionally tightens HTML filter for IE <= 5 parsing
absolutely everything and its horse.
-- Thijs Kinkhorst <thijs@debian.org> Mon, 4 Dec 2006 09:18:09 +0100
squirrelmail (2:1.4.9-1) unstable; urgency=high
* New upstream bugfix release.
- Includes cross site scripting security fix [CVE-2006-6142].
- Includes Internet Explorer security issue workaround.
- Fixes misspelled constant (Closes: #401022)
-- Thijs Kinkhorst <thijs@debian.org> Sat, 2 Dec 2006 17:35:43 +0100
squirrelmail (2:1.4.8-3) unstable; urgency=low
* Add note to README.Debian about server side sorting (Closes: #394286) and regular_globals not being supported. * Add IfModule conditionals for register_globals setting in apache.conf (Closes: #398173).
-- Thijs Kinkhorst <thijs@debian.org> Mon, 13 Nov 2006 16:29:33 +0100
squirrelmail (2:1.4.8-2) unstable; urgency=low
* Update Debian patch to display options to cope with the custom
charset plugin. Thanks Tomas Kuliavas, Closes: #385300.
* Suggest php[45]-ldap, Closes: #392306.
* Improve package description.
-- Thijs Kinkhorst <thijs@debian.org> Fri, 20 Oct 2006 16:36:36 +0200
squirrelmail (2:1.4.8-1) unstable; urgency=high
* New upstream release
- Includes security fix: variable overwriting in compose.php
by logged-in user [CVE-2006-4019]
- Does not ship SquirrelMail developer's documentation anymore.
* Remove duplicate content from README.locales.
-- Thijs Kinkhorst <thijs@debian.org> Fri, 11 Aug 2006 13:53:20 +0200
squirrelmail (2:1.4.7-1) unstable; urgency=low
* New upstream bugfix release.
+ Addresses some low-impact, theoretical or disputed security bugs,
for which the code is tightened just-in-case:
- Possible local file inclusion (Closes: #373731, CVE-2006-2842)
- XSS in search.php (Closes: #375782, CVE-2006-3174)
+ Adds note to db-backend.txt about postgreSQL (Closes: #376605).
* Checked for standards version to 3.7.2, no changes necessary.
* Update maintainer address.
-- Thijs Kinkhorst <thijs@debian.org> Tue, 4 Jul 2006 14:49:23 +0200
squirrelmail (2:1.4.6-1) unstable; urgency=high
* New upstream release.
* Includes the following security fixes:
- Fix IMAP command injection in sqimap_mailbox_select
with upstream patch. [CVE-2006-0377] (Closes: #354063)
- Fix possible XSS in MagicHTML, concerning the parsing
of u\rl and comments in styles. Internet Explorer
specific. [CVE-2006-0195] (Closes: #354062)
- Fix possible cross site scripting through the right_main
parameter of webmail.php. This now uses a whitelist of
acceptable values. [CVE-2006-0188] (Closes: #354064, #355424)
-- Thijs Kinkhorst <kink@squirrelmail.org> Tue, 7 Mar 2006 14:56:06 +0100
2005
squirrelmail (2:1.4.5+1.4.6rc1-1) experimental; urgency=low
* Experimental package
* New upstream version: 1.4.6 Release Candidate 1
Many bugfixes, amongst which the following Debian bugs:
+ Works with newest PHP versions (Closes: #321565, #338649).
+ Fixes line wrapping for unicode characters (Closes: #330372).
+ Add support for limiting the length of the From address display
(Closes: #279682).
* Add Depends alternatives for PHP5.
* Add Suggests for squirrelmail-decode, the library with charset decoding
functions for complex and rare character sets.
* Upgrade debhelper compatibility to the recommended level 5.
* Add Homepage to package description.
* Move package building from the binary-arch to the binary-indep target
in debian/rules.
-- Thijs Kinkhorst <kink@squirrelmail.org> Sat, 10 Dec 2005 18:13:43 +0100
squirrelmail (2:1.4.5-2) unstable; urgency=low
[ Jeroen van Wolffelaar ]
* Restore squirrelmail-configure manpage, accidently dropped in -1
* Use debhelper compat level 4
[ Thijs Kinkhorst ]
* Drop obsolete symlink for attachment dir.
* Do not ship upstream README, which contains hardly any information
relevant to Debian. Extend README.Debian a bit. Thanks W. Borgert.
* Add years to copyright statement.
-- Thijs Kinkhorst <kink@squirrelmail.org> Mon, 15 Aug 2005 21:06:00 +0200
squirrelmail (2:1.4.5-1) unstable; urgency=low
* New upstream release. (Closes: #319531) Many bugfixes, including the following Debian bugs: + Allows to use squirrelspell with PHP safe_mode (Closes: #220156). + Has multiple alternatives for locale names (Closes: #269790). + Option to set citation marker (Closes: #274595). * Dropped a lot of patches incorporated upstream * Add debian/watch file. * If default_pref file does not exist under var, do not attempt to move it to /etc (Closes: #309628). * Fix squirrelspell to read UTF8-encoded dictionary names correctly. (Closes: #311338) * Change Depends on squirrelmail-locales into Recommends; the depends was created to ease woody -> sarge upgrades, now a recommendation is sufficient (Closes: #319382). * Update Standards-Version to 3.6.2, no changes necessary. * Clean up rusty packaging. * Add depends-alternative for libapache-mod-php4, to prevent installs that have apache1 and libapache-mod-php4 but not the php4 meta package from dragging in apache2 (Closes: #320993).
-- Thijs Kinkhorst <kink@squirrelmail.org> Wed, 3 Aug 2005 20:00:16 +0200
squirrelmail (2:1.4.4-6sarge1) stable-security; urgency=high
* Non-maintainer upload by the Security Team
* Corrected the patch based on upstream input
[src/options_identities.php, CAN-2005-2095]
-- Martin Schulze <joey@gluck.debian.org> Mon, 11 Jul 2005 15:21:59 +0000
squirrelmail (2:1.4.4-6) stable-security; urgency=high
* Security fix, hence high urgency.
* Apply patch provided by upstream to fix several cross site scripting
flaws [CAN-2005-1769] (Closes: #314374)
* Work around arbitrary variable injection via extract() [CAN-2005-2095]
(Closes: #317094)
-- Thijs Kinkhorst <kink@squirrelmail.org> Sat, 09 Jul 2005 11:57:20 +0200
squirrelmail (2:1.4.4-5) unstable; urgency=low
* Add Suggests for imapproxy.
* Update README.Debian with documentation about the Recommends and
Suggests of this package.
* Add advice about setting default options for your specific IMAP server.
* Move fix for reloading signout.php from there to auth.php, because it
broke plug-ins. Patch from upstream CVS. (Closes: #304422)
* Correct spelling errors in Debian documentation.
* Change "no JavaScript" to "no JavaScript required" in the package
description because JavaScript can be used if available but is not
depended on.
-- Thijs Kinkhorst <kink@squirrelmail.org> Sat, 9 Apr 2005 13:35:19 +0200
squirrelmail (2:1.4.4-4) unstable; urgency=low
* Make use of dictionaries-common (when available) to auto-detect
spell checker settings (Closes: #283948)
* Change default recommended spell checker to ispell.
-- Thijs Kinkhorst <kink@squirrelmail.org> Sat, 26 Mar 2005 15:28:48 +0100
squirrelmail (2:1.4.4-3) unstable; urgency=low
* Move default_pref config file from /var to /etc, as per Debian policy
(Closes: #293281)
* [JvW] (finally) override two lintian warnings about nonstandard
permissions that are intentional (Closes: #293366)
-- Thijs Kinkhorst <kink@squirrelmail.org> Sun, 6 Feb 2005 21:41:51 +0100
squirrelmail (2:1.4.4-2) unstable; urgency=low
* Fix configtest.php to accept a non-readable data_dir, which is the
default Debian configuration
* [JvW] Depend on squirrelmail-locales, to ease upgrades woody->sarge
(Closes: #292490)
* Extend README.locales with information about the squirrelmail-locales
package and add hint that a restart of Apache might be needed
* Limit access to configtest.php to just localhost, to prevent
information leakage (Closes: #293133)
-- Thijs Kinkhorst <kink@squirrelmail.org> Tue, 1 Feb 2005 14:26:41 +0100
squirrelmail (2:1.4.4-1) unstable; urgency=high
* New upstream version: 1.4.4
+ Security: Added hook for Preferences Backend to resolve potential
local file inclusion resulting in arbitrary code execution, warranting
high urgency [CAN-2005-0075]
+ Security: Fix potential file inclusion issues in src/webmail.php.
[CAN-2005-0103]
+ Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104]
* Thijs Kinkhorst: Add missing docs to squirrelmail.docs file (Closes:
#289088)
Thanks a lot to Thijs Kinkhorst who worked hard to get 1.4.4 released, and
helped tremendously with the packaging for Debian
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Sat, 22 Jan 2005 23:33:16 +0100
squirrelmail (2:1.4.3a+1.4.4rc1-0exp1) experimental; urgency=low
* Experimental package
* New upstream version: 1.4.4 Release Candidate 1
+ Fixes broken theme select box (Closes: #286374)
+ Fixes wrong German translation (Closes: #282829)
+ Fixes broken Unicode encoding (Closes: #270626)
+ Fixes signout error when timed out (Closes: #275941)
+ Removed several backported patches that are in 1.4.4 now
* Locales are not in the squirrelmail package anymore, but a separate
package, start to recommend it (squirrelmail-locales)
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Mon, 3 Jan 2005 00:28:32 +0100
2004
squirrelmail (2:1.4.3a-3) unstable; urgency=high
* Fix security issue: a remote attacker can compromise an account by
sending a specially-crafted email containing JavaScript in a RFC2047
encoded header [CAN-2004-1036] (Closes: #280591)
* Fix spelling mistake in the name of Thijs Kinkhorst in Uploaders
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Tue, 16 Nov 2004 12:26:43 +0100
squirrelmail (2:1.4.3a-2) unstable; urgency=medium
* Put myself as maintainer, and Sam Johnston as co-maintainer. Thijs
Kinkhorst will also keep assisting in this package, he's co-maintainer too
now. Thanks Sam, for the work you're putting into squirrelmail.
* Checked for policy compliance with 3.6.1, no changes were needed, updated
Standards-Version
* Fix conf.pl detection of magic $domain contents (Closes: #271374)
* Default to use /etc/mailname if it exists as default domain, use
/etc/hostname only as fallback, as indicated by policy 11.6 (Mail
transport, delivery and user agents)
* cron.daily now checks whether the to-be-cleaned directory actually exists,
and exits gracefully if not (Closes: #272046)
* Now really fix the default apache.conf ssl-redirection example, also noted
that it's just that, an example, and might not always work (Closes: #267777)
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Wed, 22 Sep 2004 00:59:48 +0200
squirrelmail (2:1.4.3a-1) unstable; urgency=low
* Signed and incremented by maintainer on vacation. Closes: #255752. * Updated SSL RewriteCond directive to resolve loop. Closes: #267777.
-- Sam Johnston <samj@aos.net.au> Tue, 24 Aug 2004 23:27:24 +1000
squirrelmail (2:1.4.3a-0.3) unstable; urgency=low
* Non-Maintainer Upload in cooperation with Thijs Kinkhorst
* Applied patch from stable CVS that refuses to LOGIN (plaintext
IMAP-authentication) if the server advertises that is not supported, and
gives an appropriate error message (Closes: #266099)
* Don't put a newline in $domain in the default config
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Thu, 19 Aug 2004 01:08:01 +0200
squirrelmail (2:1.4.3a-0.2) unstable; urgency=medium
* Non-Maintainer Upload in cooperation with Thijs Kinkhorst
* [TK] Apply simple patch from upstream stable CVS fixing sending of
RFC-violating Message-ID's (class/deliver/Deliver.class.php
r1.18.2.11 & r1.18.2.12)
* Remove symlink in /var/www/ that kept being recreated, updated
README.Debian accordingly (Closes: #261102)
* Prevent dh_fixperms from resetting special permission of
/var/lib/squirrelmail/data/ and /var/spool/squirrelmail/attach/, so that
the buggy workaround in postinst can be removed (Closes: #263936)
* Suggests php4-pear now (useful for database-backed preferences and
addressbooks)
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Fri, 13 Aug 2004 14:46:25 +0200
squirrelmail (2:1.4.3a-0.1) unstable; urgency=low
* Non-Maintainer Upload in cooperation with Thijs Kinkhorst
<thijs@kinkhorst.com>, upstream SquirrelMail developer
* Reverted away from the development branch to the stable branch
(Closes: #232995)
- This re-introduces the translations (Closes: #232944)
- Experimental mailbox-tree code is 1.5.x only (Closes: #231687, #233550,
also closes: #250411)
- imap_general experimental code was buggy in 1.5.0 only (Closes: #246097)
- A buggy CRAM-MD5 check was 1.5.0 only too (Closes: #239566)
* New upstream
* Backport fix that was already in the 1.5.0 package fixing RFC3501
compliance for mailbox naming, keeping #176590 and #215183 closed
(by Thijs, he committed it in upstream CVS on the 1.4 branch as
functions/imap_mailbox.php 1.172.2.11)
* Prefer apache2 and its php4 module in the Depends
(Closes: #250303, #251656)
* Dropped dependency on php4-pear, and added a proper error when using the
preferences/addressbook-in-database feature suggesting to install it
* Turn register_globals off for SquirrelMail, rather than on, since this is
supported (even recommended) for nowaday's SquirrelMail
* Add debhelper tokens to the postinst and postrm, this removes the now
needless debconf purge on package purge, and the debconf dependency
* On purge, remove user data in /var/{lib,spool}/squirrelmail too
* Stop distributing UPGRADE and a duplicate copy of the upstream changelog
* In README, tell about README.Debian instead of referring to 'INSTALL'
* The README.Debian is more clear about configuring with Apache
* Update 'copyright' file with general download location and correct the
copyright holder to "The SquirrelMail Project Team".
* In index.html, have proper (though still not complete) references to
available documents in /usr/share/doc/squirrelmail (Closes: #246722)
* Removed bogus 'Closes' line in last changelog entry
-- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Tue, 22 Jun 2004 19:37:36 +0200
squirrelmail (1:1.5.0-1) unstable; urgency=low
* New upstream release.
* RFC3501 compliance for mailbox naming (eg trailing spaces).
Closes: #176590, #215183.
* Adds a squirrelmail symlink in /var/www/. Closes: #229282.
* Adds PHP safe_mode workaround to README.Debian. Closes: #222071.
* Adds daily cron job to clean attachments directory. Closes: #228400.
* Checks for config_default.php before copying in postinst.
Closes: #229737.
-- Sam Johnston <samj@aos.net.au> Wed, 4 Feb 2004 01:42:12 +1100
2003
squirrelmail (1:1.4.2-1) unstable; urgency=medium
* New upstream release. Closes: #204058. * Significant improvements over (broken) 1.4.0-1 package. * PHP compatability fixes. Closes: #202368. * conf.pl corrupts theme paths issue resolved. Closes: #175773, #180108, #188441, #190315, #190923, #191028. * Backwards compatible with stripped path themes (previous debs). * Highlighting issue (1.4.0) resolved. Closes: #188631. * Rendering issues with problem emails resolved. Closes: #205572. * Resource utilisation improvements. Closes: #191856, #189602. * README reference to upstream INSTALL document updated. Closes: #173367, 178951. * All known XSS exploits resolved. Closes: #167471. * Folder list refreshes on login. Closes: #165753. * $domain variable set to contents of /etc/hostname. Closes: #198747. * Trims of HTTP_HOST port number for use in SMTP HELO. Closes: #200108. * Fails gracefully when IMAP server unavailable. Closes: #192239. * Recommends rather than depends on spell checker. Closes: #193680. * DirectoryIndex directive added to apache.conf. Closes: #201022. * Plugin config(s) moved to /etc. Closes: #146416. * Properly handles accents and tildes in To:, Subject: etc headers. Closes: #150338, #179166. * No (broken) 'Save' button in printable version. Closes: #185602. * Removes /usr/share/squirrelmail/data iff is is a symbolic link. Closes: #188143. * Resolves policy violation by replacing conf.pl (executable in /etc) with a symlink to /usr/sbin/squirrelmail-configure. Closes: #163995.
-- Sam Johnston <samj@aos.net.au> Mon, 6 Oct 2003 07:44:12 +1000
squirrelmail (1:1.4.0-1) unstable; urgency=low
* New upstream release. Closes: #179864, 134237. * Resolves XSS security issues. Closes: #182008. * Resolves default theme login problem. Closes: #174262. * conf.pl cwd calls hardwired. Closes: #173516. * conf.pl no longer breaks existing configs. Closes: #175773. * blank lines no longer removed by compose.php. Closes: #175842. * proto checking more robust. Closes: #178130. * uses /etc/mailname instead of mydomain.com. Closes: #181619, 176777. * added https redirect to example apache.conf. Closes: #172938. * depends on php4-pear. Closes: #173256. * indent problem resolved. Closes: #186506. * no longer creates data symlink, removes existing. Closes: #181537. * default_pref is a conffile - no longer written over. Closes: #178815.
-- Sam Johnston <samj@aos.net.au> Tue, 8 Apr 2003 02:06:40 +1000
squirrelmail (1:1.3.2+1.4.0rc1-1) unstable; urgency=low
* New upstream release candidate
-- Sam Johnston <samj@debian.org> Thu, 2 Jan 2003 09:03:47 +1100
2002
squirrelmail (1:1.3.2-2) unstable; urgency=high
* Fixed cross site scripting problem in read_body.php (BugTraq ID 6302,
CAN-2002-1341)
-- Sam Johnston <samj@debian.org> Sun, 22 Dec 2002 03:56:23 +1100
squirrelmail (1:1.3.2-1) unstable; urgency=low
* New upstream release - tracking development * Removed debconf/wwwconfig scripts. Closes: #164605, #136612, #137165. * Fixed dependencies (php4-cgi httpd). Closes: #152062, #152882. * Japanese patch included upstream. Closes: #159454. * Folder rename issue resolved upstream. Closes: #166297. * display_messages doc root issue resolved upstream. Closes: #165103.
-- Sam Johnston <samj@debian.org> Thu, 7 Nov 2002 12:02:23 +1100
squirrelmail (1:1.2.8-1) unstable; urgency=low
* New upstream release
-- Sam Johnston <samj@debian.org> Mon, 7 Oct 2002 23:37:40 +1000
squirrelmail (1:1.2.7-1) unstable; urgency=low
* New upstream release
-- Sam Johnston <samj@debian.org> Mon, 24 Jun 2002 01:08:23 +1000
squirrelmail (1:1.2.6-1) unstable; urgency=high
* New upstream SECURITY release * Resolves local unprivileged exploit. Closes: #144496. * Adds README.locales with information about languages. Closes #143277. * Resolves typo in conf.pl (Save data repeated). Closes: #140506. * Adds russian templates for debconf. Closes #136612, #137165.
-- Sam Johnston <samj@debian.org> Tue, 30 Apr 2002 18:53:46 +1000
squirrelmail (1:1.2.5-1) unstable; urgency=low
* New upstream release. Closes: #138181. * Fixed typo in debconf template. Closes: #131755. * Installs default config_default.php file on new installations. Closes: #136776.
-- Sam Johnston <samj@debian.org> Tue, 19 Mar 2002 01:51:08 +1100
squirrelmail (1:1.2.4-1) unstable; urgency=high
* New upstream SECURITY release * Fixes remote exploit in squirrelspell plugin. Closes: #130754.
-- Sam Johnston <samj@debian.org> Sat, 26 Jan 2002 06:22:30 +1100
squirrelmail (1:1.2.3-2) unstable; urgency=low
* Resolves theme path issue (themes work again). Closes: #129406.
-- Sam Johnston <samj@debian.org> Thu, 24 Jan 2002 03:46:14 +1100
squirrelmail (1:1.2.3-1) unstable; urgency=medium
* New upstream release
-- Sam Johnston <samj@debian.org> Wed, 23 Jan 2002 03:12:34 +1100
squirrelmail (1:1.2.2.20020116-1) unstable; urgency=low
* New upstream release (tracking CVS due to problems with releases, PHP
4.1 migration, etc.) Closes: #128228.
* Fixes typo in the control file (description). Closes: #129350.
* Uses php_flags syntax for register_globals workaround.
Closes: #128226.
* Resolves conf.pl hanging problem by calling db_stop from maintainer
scripts when debconf is finished with. Closes: #128142.
* Various fixes to keep lintian happy
-- Sam Johnston <samj@debian.org> Thu, 17 Jan 2002 02:49:05 +1100
squirrelmail (1:1.2.2-2) unstable; urgency=medium
* Added support for apache-ssl. SSL (not necessarily apache-ssl) is
recommended for all installations which involve sessions over untrusted
networks as passwords are sent in clear text, and message contents
may be confidential. Closes: #114545, #115140.
* Added preliminary debconf support for selecting webserver type for
autoconfiguration (we can set up PHP, and #include the SquirrelMail
apache.conf file in most cases, avoiding the need for any manual
changes). Closes: #125590.
-- Sam Johnston <samj@debian.org> Wed, 2 Jan 2002 17:23:56 +1100
squirrelmail (1:1.2.2-1) unstable; urgency=medium
* New upstream release
* Resolved problem finding plugins by replacing relative plugin dir
references with absolute references. Closes: #115163.
* Resolved problem finding themes by removing relative themes dir
(unnecessarily included in each theme definition), instead hardcoding
it in the php script(s) which reference themes. Closes: #116285.
* Resolved conf.pl problems preventing it from being executed from
outside the squirrelmail dir by referencing /etc/squirrelmail.
Closes: #119859.
* Suggests imap-server. Does not depend as many (most?) sites will/
should be running SM on a separate machine. Feedback about this
decision welcome. Closes: #114543.
* Suggests ispell | aspell as SquirrelSpell is now included in the
main distribution. The sqspell config file is now a conffile to
prevent overwrites.
-- Sam Johnston <samj@debian.org> Wed, 2 Jan 2002 15:20:07 +1100
2001
squirrelmail (1:1.2.0-1) unstable; urgency=low
* New upstream release * Plugin detection/symlink problem in conf.pl fixed * Merry Christmas
-- Sam Johnston <samj@debian.org> Tue, 25 Dec 2001 18:31:05 +1100
squirrelmail (1.2.0-rc3-2) unstable; urgency=low
* Edited apache configuration to resolve 404 errors. There is some
discussion upstream about incompatibilities between SM and PHP
4.1.0, including a discussion about get_location returning null
so I expect these issues will be resolved by the (christmas day)
release of 1.2.0. Closes #125866.
-- Sam Johnston <samj@debian.org> Thu, 20 Dec 2001 11:37:00 +1100
squirrelmail (1.2.0-rc3-1) unstable; urgency=low
* New upstream release * Fixed up description formatting problem. Closes: #114871 * Removed require_once patches applied in rc2-2. Fixed upstream. * Fixed password parsing problem. Closes: #115225 * Speed improvements and optimisations * Several plugins integrated into the core or added as 'official' * New paginator, rewrite of option pages code, etc.
-- Sam Johnston <samj@debian.org> Sun, 16 Dec 2001 23:53:36 +1100
squirrelmail (1.2.0-rc2-3) unstable; urgency=low
* Created a fairly intelligent script for packaging up plugins.
It goes by the name of smpackage and it lives in the examples
directory, for want of a better home.
* Uploaded 40-something libsquirrelmail-* plugin packages. Enjoy.
-- Sam Johnston <samj@debian.org> Mon, 8 Oct 2001 03:16:24 +1000
squirrelmail (1.2.0-rc2-2) unstable; urgency=low
* Resolved problems with redeclaring functions by replacing include()s
with require_once()s
* Closes: 114531
-- Sam Johnston <samj@debian.org> Fri, 5 Oct 2001 18:18:53 +1000
squirrelmail (1.2.0-rc2-1) unstable; urgency=low
* New upstream release
-- Sam Johnston <samj@debian.org> Wed, 3 Oct 2001 00:08:20 +1000
squirrelmail (1.0.6-2) unstable; urgency=low
* Added support to conf.pl for automated plugin installation and removal
-- Sam Johnston <samj@debian.org> Tue, 2 Oct 2001 22:15:25 +1000
squirrelmail (1.0.6-1) unstable; urgency=low
* Initial Release
* Kudos to Bart Bunting for his initial work on packaging
squirrelmail
* Closes #86125
-- Sam Johnston <samj@debian.org> Tue, 2 Oct 2001 21:39:10 +1000