[Pkg-roundcube-maintainers] roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.changes ACCEPTED into buster-backports, buster-backports
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Apr 14 07:00:28 BST 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Mar 2020 20:14:29 +0200
Source: roundcube
Binary: roundcube roundcube-core roundcube-mysql roundcube-pgsql roundcube-plugins roundcube-sqlite3
Architecture: source all
Version: 1.4.3+dfsg.1-1~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers at lists.alioth.debian.org>
Changed-By: Dominik George <natureshadow at debian.org>
Description:
roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack
roundcube-core - skinnable AJAX based webmail solution for IMAP servers
roundcube-mysql - metapackage providing MySQL dependencies for RoundCube
roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube
roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins
roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube
Closes: 897014 898068 918126 923142 927713 947320 948011 948034 951194
Changes:
roundcube (1.4.3+dfsg.1-1~bpo10+1) buster-backports; urgency=medium
.
* Rebuild for buster-backports.
+ Add myself as Uplaoder to track package.
+ Lower dependency on libjs-codemirror after checking upstream
changelog for backwards-compatibility.
.
roundcube (1.4.3+dfsg.1-1) unstable; urgency=medium
.
* New upstream release.
* d/roundcube-core.post*:
+ Replace tabs with spaces.
+ Pass flag '-f' to rm(1).
* d/roundcube-core.postinst:
+ Create temporary config file with restricted permissions. Previously
the file was created with mode 0644 (minus umask), possibly leaking
secrets to a local attacker during a short time window. (The file was,
and still is, removed later during the postinst stage.)
+ If the config file /etc/roundcube/config.inc.php already exists, don't
override its ownership or mode. Otherwise (atomically) create it with
owner root:www-data and mode 0640, like before. (Closes: #951194)
+ Honor dpkg-statoverride(1) rules on /var/lib/roundcube/temp and
/var/log/roundcube: don't chown/chmod these directories if the local
admin has defined overrides.
* d/roundcube-core.postrm:
+ Also remove '.ucf-{new,old,dist}'-suffixed configuration files on purge,
as suggested by ucf(1).
+ Only recursively remove /var/lib/roundcube/temp on purge, not its
parent /var/lib/roundcube. Roundcube needs only write access to the
temp dir.
* d/patches/update_script.patch: Restore patch removed in 1.4.1+dfsg.1-1
to fix the ucf logic.
* d/patches/dbconfig-common_support.patch: Use C++ style comment for
consistency.
.
roundcube (1.4.2+dfsg.1-2) unstable; urgency=medium
.
* d/control:
+ Specify minimum versions for libjs-* dependencies.
+ Bump Standards-Version to 4.5.0 (no changes needed).
* d/roundcube-core.links: link to /usr/share/javascript/$FOO, instead of its
unreliable target name. (Closes: #948011)
* d/roundcube-core.logrotate:
+ Add glob pattern for /var/log/roundcube/*.log, as ".log" is the default
extension used for log filenames since 1.4-beta. (Closes: #948034)
+ Rotate daily and reduce the retention period to 14 days to match the
new apache2 and nginx defaults.
* d/rules: Rebuild skins/elastic/styles/{styles,print,embed}.css from the
.less sources instead of shipping the upstream versions. This requires
lessc(1) from node-less in the build environment.
.
roundcube (1.4.2+dfsg.1-1) unstable; urgency=low
.
* New upstream release.
* d/control: roundcube-plugins now suggests php-cli as enigma's
import_keys.sh requires it.
.
roundcube (1.4.1+dfsg.1-2) unstable; urgency=low
.
[ Sandro Knauß ]
* Add patch to Fix "Retry to connect to IMAP server" (Closes: #947320)
.
roundcube (1.4.1+dfsg.1-1) experimental; urgency=low
.
* New upstream release.
+ New Depends (and Build-Depends) 'php-mbstring', required by a call to
mb_internal_encoding() in program/lib/Roundcube/bootstrap.php.
* Rebase debian/install-jsdeps.sh from bin/install-jsdeps.sh.
* Use system JS dependencies when possible: JQuery from libjs-jquery, jstz
from libjs-jstimezonedetect, codemirror from libjs-codemirror, bootstrap
from libjs-bootstrap4, jquery-minicolors from libjs-jquery-minicolors,
libjs-jquery-minicolors, JQuery UI from libjs-jquery-ui.
* New Build-Depends: closure-compiler, used for JS minification instead of
yui-compressor. closure-compiler is what upstream uses, and
yui-compressor is unable to compress 1.4's program/js/app.js and
skins/elastic/ui.js.
* Move plugin README.md files to /usr/share/doc/roundcube/plugins/$PLUGIN
* Ensure INSTALL_PATH is always set to /var/lib/roundcube in the upstream
tools.
* d/roundcube-core.postinst: The honored environment variable for confdir is
RCUBE_CONFIG_PATH, not RCMAIL_CONFIG_DIR.
* d/control: Bump Standards-Version to 4.4.1 (no changes needed).
* Refresh tinymce language pack from upstream.
* d/control, d/compat: Set debhelper-compat version in Build-Depends.
* d/control: Set 'Rules-Requires-Root: no'.
.
roundcube (1.3.10+dfsg.1-1) unstable; urgency=medium
.
* New upstream release: (Closes: #927713)
- Fixes CVE-2019-10740
.
[ Guilhem Moulin ]
* Backport fix for CVE-2018-1000071: Insecure Permissions vulnerability in
enigma plugin that can result in exfiltration of gpg private key.
https://github.com/roundcube/roundcubemail/issues/6173 (Closes: #897014)
* New upstream release (1.3.9). (Closes: #898068)
* d/roundcube-core.config: Honor debconf setting roundcube/language, by
skipping the relevant part at pre-configure stage. (Closes: #923142)
* d/roundcube-core.postinst: Create temporary configuration file atomically.
* d/upstream/signing-key.asc: Minimize OpenPGP certificate.
* Add new plugins to roundcube-plugins: 'attachment_reminder' (closes:
#918126), 'example_addressbook', 'identicon', 'identity_select' and
'redundant_attachments'.
* d/control: Bump Standards-Version to 4.3.0 (no changes needed).
Checksums-Sha1:
a973ac64bbb7d41b286a1d2a502ae0b26c8386e5 2609 roundcube_1.4.3+dfsg.1-1~bpo10+1.dsc
25858554290c0138c9fd5b21fdcdf2df6c07412f 2969932 roundcube_1.4.3+dfsg.1.orig.tar.xz
6fb51f30d3117c43cbfff7d8e8cae82ec753edb3 1227184 roundcube_1.4.3+dfsg.1-1~bpo10+1.debian.tar.xz
7f5466ca3b0b87bba3d66859703e76a6959c61d3 2967224 roundcube-core_1.4.3+dfsg.1-1~bpo10+1_all.deb
6a9eadfa2b12565476203fddc79e1a6c5fddc359 87404 roundcube-mysql_1.4.3+dfsg.1-1~bpo10+1_all.deb
4e71c50f7debe59067b7f04e8d9f84ed476040c3 87380 roundcube-pgsql_1.4.3+dfsg.1-1~bpo10+1_all.deb
b246bf37e1bd01b4e3c4a6d3aa3ebe65c2416b5c 994504 roundcube-plugins_1.4.3+dfsg.1-1~bpo10+1_all.deb
72b7a8dc0292d58d5721bb4b82637e06f1fd377e 87356 roundcube-sqlite3_1.4.3+dfsg.1-1~bpo10+1_all.deb
6a7cf009c3443be82ad213fe941d03938bb664f3 1456 roundcube_1.4.3+dfsg.1-1~bpo10+1_all.deb
db9e9d27f7684986c467450b8cc58d018f1b1914 9774 roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.buildinfo
Checksums-Sha256:
69ea45b799c5dd223906cdae5d632760d2a44ce6fd1862afce41ca686a37d681 2609 roundcube_1.4.3+dfsg.1-1~bpo10+1.dsc
143a4c7a076f7efdfe3b03f02b6888f134fb75b9b280477a4bfffa2114e309b7 2969932 roundcube_1.4.3+dfsg.1.orig.tar.xz
0d8cd7f5a98189d43bb29d6defcbd166d068c6b92839f976da18399b6aa4c5b1 1227184 roundcube_1.4.3+dfsg.1-1~bpo10+1.debian.tar.xz
752e30b7501cd95662631d99f9f6d2cd8d383a5b5bca4fa063b38f5d9950b0fa 2967224 roundcube-core_1.4.3+dfsg.1-1~bpo10+1_all.deb
703c3809673dcfccd0eea0302098c5bff9de41304d89c2d60ab8b196161996f8 87404 roundcube-mysql_1.4.3+dfsg.1-1~bpo10+1_all.deb
6c8d53fac86aeac8e4fa1f4f25d072ea6f3aee5bd213befc1c565e88eb30a169 87380 roundcube-pgsql_1.4.3+dfsg.1-1~bpo10+1_all.deb
365a9183b4026a2e94db45b6dc4418524321c5ae052a9367b75a956f18d20507 994504 roundcube-plugins_1.4.3+dfsg.1-1~bpo10+1_all.deb
17096240b1df9987c53a3b30bf44d6f2894f04063c131a6e30f7c59348ca1ac8 87356 roundcube-sqlite3_1.4.3+dfsg.1-1~bpo10+1_all.deb
8125fef0c2f770a2e2fe231b069602352919a0e64b9e82d83c7a7ed7b49ce120 1456 roundcube_1.4.3+dfsg.1-1~bpo10+1_all.deb
dfde1dd819bc268e7b6491b5d5975428a51fc3a1577d4275ecda23653b750fc9 9774 roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.buildinfo
Files:
042e17820587ddb8bd617c33b6e07fad 2609 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1.dsc
5c84a4f58e4cd0dbc92ba76e424eaac2 2969932 web optional roundcube_1.4.3+dfsg.1.orig.tar.xz
ad9269fcf6bd3aa92ac8db3240dcdc79 1227184 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1.debian.tar.xz
35b59b48eda55f6bad5249ff8a386a9f 2967224 web optional roundcube-core_1.4.3+dfsg.1-1~bpo10+1_all.deb
6853ea299bf41a679cd15059e5aa0587 87404 web optional roundcube-mysql_1.4.3+dfsg.1-1~bpo10+1_all.deb
3d7b30b83a5314f5725588e15559865c 87380 web optional roundcube-pgsql_1.4.3+dfsg.1-1~bpo10+1_all.deb
63a4107519d6811909091772b9d92f1c 994504 web optional roundcube-plugins_1.4.3+dfsg.1-1~bpo10+1_all.deb
ac11c3c26290add754d090f49c5372c9 87356 web optional roundcube-sqlite3_1.4.3+dfsg.1-1~bpo10+1_all.deb
09c3088d2616186adb7a1813e75ee845 1456 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1_all.deb
b58199cd4d7a350de26ceb8c7225765d 9774 web optional roundcube_1.4.3+dfsg.1-1~bpo10+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl6PctgxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW
oMTylkF3D/oCXrcynjf1XTJE1Y+neEpwpGeiFn/X+FTWg3VchlX8qCi1i8YQY87V
GCEnBG3LtAKyualWXx+grtAWj/Ta7TTJ9F5dxJO6XttOkxuxI1o3Fz1F4GeKuetg
uf2M44TVxfyCRNxZs0Kv2ozqI0e7us62kRltB6wgp8jhqn6sRDZsRxn5tHn37eD8
ROXlLsHXr6OkL96zdYR7/UTQfOd3qWhDa2q0OknM7oPuSnCCjh9ilCoGlSmKt2sB
xyWhxSYxgRJZl0oqBIqWFuyvLvXdxLw+kuGNRU+0isbn3lXs8SCIqgeoV8kwf6/5
QMxPeo9LurhRIpX6TlXRjMN6wBH7PIBDxj0d6w9sNP6ijj8mIK6/mreUiX1kUpxT
ikQMyTNvWPz7GrnqiGdHz8edswNgoyQdioLAtOv8gAxHnTsgJsyRyeDK4UyKAAmn
HbXiIUMnheHzTOaW5tT+5C0AC+sQs2tbaFtPQcO3N2o/fcPVZcvfclKdfrNHUpk9
3ROCVXPGJtVgZioagqUzLwZZdbRVhkSIvZJmZXjPuCZ4qqQg4dQcPcA0B1mnWRgh
3KNNLQ7vM0iycs5zEtLXFlliaIp0ciLbOzb4/1b9A5BjX2AwOLSwmmRsGuDEUCvg
2FlY6gdqU8qLrButoT5CYUCXmnZZV3GFFlbClRagPZnO4J5zjYgBiA==
=99de
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-roundcube-maintainers
mailing list