-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 30 Mar 2020 20:14:29 +0200 Source: roundcube Binary: roundcube roundcube-core roundcube-mysql roundcube-pgsql roundcube-plugins roundcube-sqlite3 Architecture: source all Version: 1.4.3+dfsg.1-1~bpo10+1 Distribution: buster-backports Urgency: medium Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Changed-By: Dominik George <natureshadow@debian.org> Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Closes: 897014 898068 918126 923142 927713 947320 948011 948034 951194 Changes: roundcube (1.4.3+dfsg.1-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. + Add myself as Uplaoder to track package. + Lower dependency on libjs-codemirror after checking upstream changelog for backwards-compatibility. . roundcube (1.4.3+dfsg.1-1) unstable; urgency=medium . * New upstream release. * d/roundcube-core.post*: + Replace tabs with spaces. + Pass flag '-f' to rm(1). * d/roundcube-core.postinst: + Create temporary config file with restricted permissions. Previously the file was created with mode 0644 (minus umask), possibly leaking secrets to a local attacker during a short time window. (The file was, and still is, removed later during the postinst stage.) + If the config file /etc/roundcube/config.inc.php already exists, don't override its ownership or mode. Otherwise (atomically) create it with owner root:www-data and mode 0640, like before. (Closes: #951194) + Honor dpkg-statoverride(1) rules on /var/lib/roundcube/temp and /var/log/roundcube: don't chown/chmod these directories if the local admin has defined overrides. * d/roundcube-core.postrm: + Also remove '.ucf-{new,old,dist}'-suffixed configuration files on purge, as suggested by ucf(1). + Only recursively remove /var/lib/roundcube/temp on purge, not its parent /var/lib/roundcube. Roundcube needs only write access to the temp dir. * d/patches/update_script.patch: Restore patch removed in 1.4.1+dfsg.1-1 to fix the ucf logic. * d/patches/dbconfig-common_support.patch: Use C++ style comment for consistency. . roundcube (1.4.2+dfsg.1-2) unstable; urgency=medium . * d/control: + Specify minimum versions for libjs-* dependencies. + Bump Standards-Version to 4.5.0 (no changes needed). * d/roundcube-core.links: link to /usr/share/javascript/$FOO, instead of its unreliable target name. (Closes: #948011) * d/roundcube-core.logrotate: + Add glob pattern for /var/log/roundcube/*.log, as ".log" is the default extension used for log filenames since 1.4-beta. (Closes: #948034) + Rotate daily and reduce the retention period to 14 days to match the new apache2 and nginx defaults. * d/rules: Rebuild skins/elastic/styles/{styles,print,embed}.css from the .less sources instead of shipping the upstream versions. This requires lessc(1) from node-less in the build environment. . roundcube (1.4.2+dfsg.1-1) unstable; urgency=low . * New upstream release. * d/control: roundcube-plugins now suggests php-cli as enigma's import_keys.sh requires it. . roundcube (1.4.1+dfsg.1-2) unstable; urgency=low . [ Sandro Knauß ] * Add patch to Fix "Retry to connect to IMAP server" (Closes: #947320) . roundcube (1.4.1+dfsg.1-1) experimental; urgency=low . * New upstream release. + New Depends (and Build-Depends) 'php-mbstring', required by a call to mb_internal_encoding() in program/lib/Roundcube/bootstrap.php. * Rebase debian/install-jsdeps.sh from bin/install-jsdeps.sh. * Use system JS dependencies when possible: JQuery from libjs-jquery, jstz from libjs-jstimezonedetect, codemirror from libjs-codemirror, bootstrap from libjs-bootstrap4, jquery-minicolors from libjs-jquery-minicolors, libjs-jquery-minicolors, JQuery UI from libjs-jquery-ui. * New Build-Depends: closure-compiler, used for JS minification instead of yui-compressor. closure-compiler is what upstream uses, and yui-compressor is unable to compress 1.4's program/js/app.js and skins/elastic/ui.js. * Move plugin README.md files to /usr/share/doc/roundcube/plugins/$PLUGIN * Ensure INSTALL_PATH is always set to /var/lib/roundcube in the upstream tools. * d/roundcube-core.postinst: The honored environment variable for confdir is RCUBE_CONFIG_PATH, not RCMAIL_CONFIG_DIR. * d/control: Bump Standards-Version to 4.4.1 (no changes needed). * Refresh tinymce language pack from upstream. * d/control, d/compat: Set debhelper-compat version in Build-Depends. * d/control: Set 'Rules-Requires-Root: no'. . roundcube (1.3.10+dfsg.1-1) unstable; urgency=medium . * New upstream release: (Closes: #927713) - Fixes CVE-2019-10740 . [ Guilhem Moulin ] * Backport fix for CVE-2018-1000071: Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. https://github.com/roundcube/roundcubemail/issues/6173 (Closes: #897014) * New upstream release (1.3.9). (Closes: #898068) * d/roundcube-core.config: Honor debconf setting roundcube/language, by skipping the relevant part at pre-configure stage. (Closes: #923142) * d/roundcube-core.postinst: Create temporary configuration file atomically. * d/upstream/signing-key.asc: Minimize OpenPGP certificate. * Add new plugins to roundcube-plugins: 'attachment_reminder' (closes: #918126), 'example_addressbook', 'identicon', 'identity_select' and 'redundant_attachments'. * d/control: Bump Standards-Version to 4.3.0 (no changes needed). Checksums-Sha1: a973ac64bbb7d41b286a1d2a502ae0b26c8386e5 2609 roundcube_1.4.3+dfsg.1-1~bpo10+1.dsc 25858554290c0138c9fd5b21fdcdf2df6c07412f 2969932 roundcube_1.4.3+dfsg.1.orig.tar.xz 6fb51f30d3117c43cbfff7d8e8cae82ec753edb3 1227184 roundcube_1.4.3+dfsg.1-1~bpo10+1.debian.tar.xz 7f5466ca3b0b87bba3d66859703e76a6959c61d3 2967224 roundcube-core_1.4.3+dfsg.1-1~bpo10+1_all.deb 6a9eadfa2b12565476203fddc79e1a6c5fddc359 87404 roundcube-mysql_1.4.3+dfsg.1-1~bpo10+1_all.deb 4e71c50f7debe59067b7f04e8d9f84ed476040c3 87380 roundcube-pgsql_1.4.3+dfsg.1-1~bpo10+1_all.deb b246bf37e1bd01b4e3c4a6d3aa3ebe65c2416b5c 994504 roundcube-plugins_1.4.3+dfsg.1-1~bpo10+1_all.deb 72b7a8dc0292d58d5721bb4b82637e06f1fd377e 87356 roundcube-sqlite3_1.4.3+dfsg.1-1~bpo10+1_all.deb 6a7cf009c3443be82ad213fe941d03938bb664f3 1456 roundcube_1.4.3+dfsg.1-1~bpo10+1_all.deb db9e9d27f7684986c467450b8cc58d018f1b1914 9774 roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.buildinfo Checksums-Sha256: 69ea45b799c5dd223906cdae5d632760d2a44ce6fd1862afce41ca686a37d681 2609 roundcube_1.4.3+dfsg.1-1~bpo10+1.dsc 143a4c7a076f7efdfe3b03f02b6888f134fb75b9b280477a4bfffa2114e309b7 2969932 roundcube_1.4.3+dfsg.1.orig.tar.xz 0d8cd7f5a98189d43bb29d6defcbd166d068c6b92839f976da18399b6aa4c5b1 1227184 roundcube_1.4.3+dfsg.1-1~bpo10+1.debian.tar.xz 752e30b7501cd95662631d99f9f6d2cd8d383a5b5bca4fa063b38f5d9950b0fa 2967224 roundcube-core_1.4.3+dfsg.1-1~bpo10+1_all.deb 703c3809673dcfccd0eea0302098c5bff9de41304d89c2d60ab8b196161996f8 87404 roundcube-mysql_1.4.3+dfsg.1-1~bpo10+1_all.deb 6c8d53fac86aeac8e4fa1f4f25d072ea6f3aee5bd213befc1c565e88eb30a169 87380 roundcube-pgsql_1.4.3+dfsg.1-1~bpo10+1_all.deb 365a9183b4026a2e94db45b6dc4418524321c5ae052a9367b75a956f18d20507 994504 roundcube-plugins_1.4.3+dfsg.1-1~bpo10+1_all.deb 17096240b1df9987c53a3b30bf44d6f2894f04063c131a6e30f7c59348ca1ac8 87356 roundcube-sqlite3_1.4.3+dfsg.1-1~bpo10+1_all.deb 8125fef0c2f770a2e2fe231b069602352919a0e64b9e82d83c7a7ed7b49ce120 1456 roundcube_1.4.3+dfsg.1-1~bpo10+1_all.deb dfde1dd819bc268e7b6491b5d5975428a51fc3a1577d4275ecda23653b750fc9 9774 roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.buildinfo Files: 042e17820587ddb8bd617c33b6e07fad 2609 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1.dsc 5c84a4f58e4cd0dbc92ba76e424eaac2 2969932 web optional roundcube_1.4.3+dfsg.1.orig.tar.xz ad9269fcf6bd3aa92ac8db3240dcdc79 1227184 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1.debian.tar.xz 35b59b48eda55f6bad5249ff8a386a9f 2967224 web optional roundcube-core_1.4.3+dfsg.1-1~bpo10+1_all.deb 6853ea299bf41a679cd15059e5aa0587 87404 web optional roundcube-mysql_1.4.3+dfsg.1-1~bpo10+1_all.deb 3d7b30b83a5314f5725588e15559865c 87380 web optional roundcube-pgsql_1.4.3+dfsg.1-1~bpo10+1_all.deb 63a4107519d6811909091772b9d92f1c 994504 web optional roundcube-plugins_1.4.3+dfsg.1-1~bpo10+1_all.deb ac11c3c26290add754d090f49c5372c9 87356 web optional roundcube-sqlite3_1.4.3+dfsg.1-1~bpo10+1_all.deb 09c3088d2616186adb7a1813e75ee845 1456 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1_all.deb b58199cd4d7a350de26ceb8c7225765d 9774 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl6PctgxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylkF3D/oCXrcynjf1XTJE1Y+neEpwpGeiFn/X+FTWg3VchlX8qCi1i8YQY87V GCEnBG3LtAKyualWXx+grtAWj/Ta7TTJ9F5dxJO6XttOkxuxI1o3Fz1F4GeKuetg uf2M44TVxfyCRNxZs0Kv2ozqI0e7us62kRltB6wgp8jhqn6sRDZsRxn5tHn37eD8 ROXlLsHXr6OkL96zdYR7/UTQfOd3qWhDa2q0OknM7oPuSnCCjh9ilCoGlSmKt2sB xyWhxSYxgRJZl0oqBIqWFuyvLvXdxLw+kuGNRU+0isbn3lXs8SCIqgeoV8kwf6/5 QMxPeo9LurhRIpX6TlXRjMN6wBH7PIBDxj0d6w9sNP6ijj8mIK6/mreUiX1kUpxT ikQMyTNvWPz7GrnqiGdHz8edswNgoyQdioLAtOv8gAxHnTsgJsyRyeDK4UyKAAmn HbXiIUMnheHzTOaW5tT+5C0AC+sQs2tbaFtPQcO3N2o/fcPVZcvfclKdfrNHUpk9 3ROCVXPGJtVgZioagqUzLwZZdbRVhkSIvZJmZXjPuCZ4qqQg4dQcPcA0B1mnWRgh 3KNNLQ7vM0iycs5zEtLXFlliaIp0ciLbOzb4/1b9A5BjX2AwOLSwmmRsGuDEUCvg 2FlY6gdqU8qLrButoT5CYUCXmnZZV3GFFlbClRagPZnO4J5zjYgBiA== =99de -----END PGP SIGNATURE-----
