radicale (1.1.6-1) unstable; urgency=medium [ upstream ] * New release(s). + Improve logging for --export-storage. -- Jonas Smedegaard Wed, 26 Jul 2017 00:24:08 +0000 radicale (1.1.4-1) unstable; urgency=medium [ upstream ] * New release(s). + Security fix: Add random timer to avoid timing oracles and simple bruteforce attacks when using the htpasswd authentication method. + Various minor fixes. + Add --export-storage=FOLDER command-line argument. [ Jonas Smedegaard ] * Set upstream-stretch as upstream branch for git-buildpackage. * Update watch file: Tighten to track only 1.x.x. * Drop patches cherry-picked upstream and since applied. * Unfuzz patch 2001. * Update package relations: Relax to build-depend unversioned on cdbs. -- Jonas Smedegaard Tue, 27 Jun 2017 18:34:06 +0200 radicale (1.1.1+20160115-4) unstable; urgency=high * Add patch cherry-picked upstream to fix Python3 compatibility of ssha part of htpasswd. * Add patch cherry-picked upstream to fix security bug: Add delay in htpasswd authentication. Closes: Bug#861514. -- Jonas Smedegaard Sun, 30 Apr 2017 09:14:16 +0200 radicale (1.1.1+20160115-3) unstable; urgency=medium * Set master-stretch as debian branch for big-buildpackage. * Add patch to not bogusly quote (commented out) strings for .well-known paths in configfile (and while at it, use relative paths suitable for more use cases). Closes: Bug#845508. Thanks to Martín Ferrari. * Add symlink below /usr/share/doc/radicale to sql.schema, to ease locating it. Closes: Bug#843309. Thanks to Joey Schulze. * Shorten commands in README.source (strip gbp options set in config). * Modernize CDBS use: Build-depend on licensecheck (not devscripts). -- Jonas Smedegaard Tue, 29 Nov 2016 21:37:38 +0100 radicale (1.1.1+20160115-2) unstable; urgency=medium * Add patch cherry-picked upstream, to clean tests. * Check upstream testsuite during build and in autopkgtest. Build-depend on python-pytest. * Fix generate manpage: + Have help2man rule emit output on failure. + Fix declare prerequisites for help2man rule. + Fix resolve PYTHONPATH more flexibly. Closes: Bug#824129. Thanks to Chris Lamb. -- Jonas Smedegaard Sat, 21 May 2016 14:47:20 +0200 radicale (1.1.1+20160115-1) unstable; urgency=medium [ upstream ] * Snapshot from 1.1.x git branch. + Repair "head" request: Correct function name. + Fix the Collection._parse docstring. + Quick fix for multifilesystem: - Use component names to filter duplicates. - Also remove items from the collections itself. [ Jonas Smedegaard ] * Update watch file: + Modernize to use format 4. + Mention gbp in usage hint comment. * Update git-buildpackage config: Filter any .git* file. * Add section on getting upstream source to README.source. * Update autopkgtest: + Fix FAIL_OK handling. + Print server log on failure. * Update copyright info: + Fix alternate Github https URL. + Extend coverage of packaging. -- Jonas Smedegaard Mon, 11 Apr 2016 17:31:58 +0200 radicale (1.1.1-3) unstable; urgency=medium * Improve autopkgtest: + Enable CalDAV/implicitacls.xml. + Fix allow output to stderr. + Fix avoid Validation-CalDAV (causes timeout). -- Jonas Smedegaard Sun, 10 Apr 2016 12:44:37 +0200 radicale (1.1.1-2) unstable; urgency=medium * Add patch 1001 to fix return 404 when trying to delete a non existing item. Thanks to Guido Günther. * Add pkgautotest. Thanks to Guido Günther. * Declare compliance with Debian Policy 3.9.8. * Modernize Vcs-Git field URL: Use https protocol. -- Jonas Smedegaard Sun, 10 Apr 2016 02:54:13 +0200 radicale (1.1.1-1) unstable; urgency=medium [ upstream ] * New release(s). Changed functionality: + Use the first matching section for rights. Security fixes: + Improve the regex used for well-known URIs. + Prevent regex injection in rights management. + Prevent crafted HTTP request from calling arbitrary functions. + Improve URI sanitation and conversion to filesystem path. + Decouple the daemon from its parent environment. Closes: bug#809920 (CVE-2015-8747 CVE-2015-8748). Thanks to Felix Knecht. Bugfixes and minor enhancements: + Assign new items to correct key. + Avoid race condition in PID file creation. + Improve the docker version. + Encode message and committer for git commits. + Test with Python 3.5. [ Jonas Smedegaard ] * Update TODOs. * Add NEWS entry about changed access rights parsing logic. * Drop patches now included upstream. -- Jonas Smedegaard Tue, 12 Jan 2016 09:17:35 +0530 radicale (1.0.1-3) experimental; urgency=medium * Provide python3-radicale package. * Update package relations: Tighten build-dependencies on cdbs. Build-depend on python3 and python3-setuptools. -- Jonas Smedegaard Wed, 28 Oct 2015 15:59:56 +0100 radicale (1.0.1-2) unstable; urgency=medium * Add patch cherry-picked upstream to fix encoding of git commits. * Add patch cherry-picked upstream to mention htpasswd encryption methods md5 and bcrypt in config file. * Fix lintian overrides. * Bump debhelper compatibility level to 9. * Add lintian override regarding debhelper 9. -- Jonas Smedegaard Wed, 28 Oct 2015 14:53:41 +0100 radicale (1.0.1-1) unstable; urgency=medium [ upstream ] * New upstream release. + Update the version because of a stupid "feature"™ of PyPI. [ Jonas Smedegaard ] * Modernize git-buildpackage config: Avoid git- prefix. * Fix codename in 1.0-1 changelog entry. -- Jonas Smedegaard Sat, 24 Oct 2015 20:20:03 +0200 radicale (1.0-1) unstable; urgency=medium [ upstream ] * New release - codename "Sunflower". + Enhanced performances. + Add MD5-APR1 and BCRYPT for htpasswd-based authentication. + Use PAM service. + Don't discard PROPPATCH on empty collections. + Write the path of the collection in the git message. + Tests launched on Travis [ Jonas Smedegaard ] * Update package relations: + Suggest python-passlib. + Build-depend on python-setuptools. * Update copyright info: + Extend coverage for upstream authors. + Use License-Grant and License-Reference fields. Thanks to Ben Finney. * Add lintian override regarding license in License-Reference field. See bug#786450. -- Jonas Smedegaard Mon, 21 Sep 2015 11:50:59 +0200 radicale (0.10-2) unstable; urgency=medium * Update Vcs-* fields. * Update copyright info: + Extend coverage for myself. + Bump packaging license to GPL-3+. -- Jonas Smedegaard Sat, 16 May 2015 14:26:03 +0200 radicale (0.10-1) experimental; urgency=medium [ upstream ] * New release - codename "Lovely Endless Grass". + IMAP: don't spam the logs about non-SSL connections to localhost. + Fix owner-read-write rule in rights example file. [ Jonas Smedegaard ] * Revert to track upstream upstream releases (not specific snapshot). * Declare compliance with Debian Policy 3.9.6. -- Jonas Smedegaard Fri, 23 Jan 2015 13:58:53 +0100 radicale (0.10~20150105+abb1de8-1) experimental; urgency=medium [ upstream ] * snapshot of not yet formally released changes. + Support well-known URLs. + Fix collection discovery. + Reload logger config on SIGHUP. + Remove props files when deleting a collection. + Support salted SHA1 passwords. [ Jonas Smedegaard ] * Temporarily track upstream git snapshot. * Really improve short and long descriptions (missed in 0.9-1). * Really suggest python-dulwich (missed in 0.9-1). * Stop comment out defaults in configfile: Fixed upstream. * Unfuzz patch 2001. -- Jonas Smedegaard Wed, 07 Jan 2015 18:01:25 +0100 radicale (0.9-1) unstable; urgency=medium [ upstream ] * New release - codename "Rivers". + Custom handlers for auth, storage and rights. + 1-file-per-event storage. + Git support for filesystem storages. + DB storage working with PostgreSQL, MariaDB and SQLite. + Clean rights manager based on regular expressions. + Support of contacts for Apple's clients. + Support colors. + Decode URLs in XML. + Fix PAM authentication. + Use consistent etags. + Use consistent sorting order. + Return 401 on unauthorized DELETE requests. + Move pid file creation in child process. + Allow requests without base_prefix. [ Jonas Smedegaard ] * Fix tidy execution bit and hashbang of FCGI and WSGI scripts. * Update copyright info: + Add a copyright holder. + Add email of a copyright holder. * Improve short and long descriptions. * Suggest python-dulwich: Needed for git-tracked filesystem backend. * Update patches. -- Jonas Smedegaard Mon, 25 Aug 2014 02:45:51 +0200 radicale (0.8-2) unstable; urgency=medium * Update TODOs with references to upstream issue tracking. * Include as normal files (not examples) WSGI and FCGI scripts and SQL schema: They should be perfectly usable as-is. Closes: Bug#682016. Thanks to Konstantin Khomoutov. * Tidy SysV init file slightly. * Fix allow read access for adm group to logfiles. Thanks to Konstantin Khomoutov. * Bump standards-version to 3.9.5. * Include upstream documentation, fetched from Github. Closes: Bug#730044. Thanks to W. Martin Borgert. * Relax build-dependency on cdbs (likely was too tight due to a bug in cdbs in checking Python build system was used from a subdir). -- Jonas Smedegaard Thu, 08 May 2014 18:00:56 +0200 radicale (0.8-1) unstable; urgency=low [ upstream ] * New release. + New rights management; configurations need to be updated. Closes: bug#676660. [ Christian M. Amsüss ] * Drop patch 0001: Applied upstream. * Update patch 1001 to comment out new options, and refresh. * Add myself as uploader. [ Martín Ferrari ] * Check DISABLED var before restarting. (Closes: #713936). * Remove Default-Stop levels from the LHS initscript header. Closes: bug#714165. * Add FCGI and WSGI scripts as examples. Related to bug#682016. [ Jonas Smedegaard ] * Adjust init script to allow stopping even when daemon disabled (only skip start part of restart action, not also stop part). * Bump debhelper compatibility to 8. * Use anonscm.debian.org URL for Vcs-Git. * Bump standards-version to 3.9.4. * Fix use comment pseudo-sections in copyright file to obey silly restrictions of copyright format 1.0. * Have git-import-orig suppress upstream .gitignore file. * Build-depend on devscripts, enabling copyright check always. * Relax to build-depend unversioned on help2man: Needed version satisfied even in oldstable. * Update watch and rules files to directly use github.com URL (not githubredir.debian.net). * Stop tracking md5sum of upstream tarball. * Install SQL schema file as example. * Fix suggest python-pampy (not python-pam). * Suggest python-requests (for http auth) and python-sqlalchemy (for SQL storage). -- Jonas Smedegaard Fri, 30 Aug 2013 22:42:14 +0200 radicale (0.7-1.1) unstable; urgency=low * Non-maintainer upload. (Acknowledged by Jonas Smedegaard) * Tighten dependency on python-radicale. Make the Depends on python-radicale explicit on the binary package version. (Closes: #699724) -- Salvatore Bonaccorso Sun, 10 Feb 2013 21:02:27 +0100 radicale (0.7-1) unstable; urgency=low * New upstream release. [ Martin Stigge ] * Remove build-dependency on python-dev. Not needed. * Add myself to Uploaders: * Remove build/ directory in clean target. * Implement daemon handling: + Add postinst for creation of user and directory. + Add postrm to remove log and run dirs from /var. + Add initscript and defaults file + Patch configuration to fit daemon needs. + Add logrotate config file. + Depend on adduser. * Comment out all config defaults to ease maintenance. * Add patch 0001 to fix Iceowl support in newly created calendars, cherry-picked from upstream VCS. [ Jonas Smedegaard ] * Update CDBS suppression for unneeded build-dependency on python-dev. * Bump standards-version to 3.9.3. * Simplify install files, as supported by debhelper 7. * Use anonscm.debian.org for Vcs-Browser field. * Extend my copyright for Debian packaging. * Update copyright file: + Bump format to 1.0. + Fix double-indent in Copyright fields as per Policy §5.6.13. + Shorten GPL comments. + Quote license strings in comments. + Move reference to upstream licensing URL to topmost GPL comment. + Extend copyright years. * Document authentication needs in long description. Suggest apache2-utils python-ldap python-pam courier-authdaemon. * Sync long descriptions with intro on upstream project website. * Reduce patch and split into multiple ones to ease upstream adoption. * Add --daemon and --pid options as default daemon arguments (and stop patching similarly in config file). -- Jonas Smedegaard Fri, 15 Jun 2012 00:13:19 +0200 radicale (0.6.4-1) unstable; urgency=low * New upstream release. * Use Github as upstream source. * Drop dpkg-source local-options hint: Declared options are default since dpkg-source 1.16.1. * Bump debhelper compat level to 7. * Fix install logging config file. Closes: bug#655155. Thanks to Martin Stigge. -- Jonas Smedegaard Mon, 09 Jan 2012 14:51:38 +0100 radicale (0.6.3-1) unstable; urgency=low * New upstream release. Closes: bug#640145. * Drop all patches: applied upstream now. * Use new default python helper (not deprecated python-support). Tighten build-dependency on python and python-dev to versions supporting it. Stop build-depending on python-support. * Have radicale explicitly depend on python (though already satisfied through python-radicale), to silence lintian. * Update copyright file: + Rewrite using draft 174 of DEP-5 format. + Shorten license comments. * Bump policy compliance to standards-version 3.9.2. * Adjust source for upstream changed download URL: + Relax watch file regexp. + Update DEB_UPSTREAM_URL (used by CDBS get-orig-source target). * Tighten build-dependency on cdbs. * Build-depend unversioned on debhelper: Needed version satisfied even in unstable. -- Jonas Smedegaard Tue, 20 Dec 2011 20:37:43 +0700 radicale (0.4-2) unstable; urgency=low * Ease building with git-buildpackage: + Git-ignore quilt .pc dir. + Add dpkg-source local-options. * Ease backporting: + Avoid optional build-dependencies. + Bump down debhelper compat level to 6. Relax build-dependency on debhelper accordingly. + Adjust CDBS usage to only optionally use new features. Build-depend unversioned on cdbs. Stop build-depending on devscripts. * Build-depend on dh-buildinfo. * Add patches 0001-0014 from upstream Git, for improved inter- operability with MacOS, Windows and iPhone clients. * Update copyright file: + Rewrite using Subversion rev.173 of draft DEP5 format. * Use new default python helper (not deprecated python-support). + Stop explicitly setting python helper hint in rules file. + Tighten build-dependency on python and python-dev to versions supporting it. + Stop build-depending on python-support. * Have radicale explicitly depend on python (though already satisfied through python-radicale), to silence lintian. -- Jonas Smedegaard Sat, 12 Mar 2011 15:49:03 +0100 radicale (0.4-1) unstable; urgency=low * New upstream release. [ Jonas Smedegaard ] * Install new global config file below /etc. * Bump standards-version to 3.9.1. -- Jonas Smedegaard Sun, 05 Sep 2010 15:07:52 +0200 radicale (0.3-2) unstable; urgency=low * Tighten watch file to avoid git snapshot tarball. -- Jonas Smedegaard Tue, 20 Jul 2010 12:28:33 +0200 radicale (0.3-1) unstable; urgency=low * New upstream release. * Fix watch file. * Bump Policy compliance to Standards-Version 3.9.0. -- Jonas Smedegaard Tue, 29 Jun 2010 20:02:32 +0200 radicale (0.2-3) unstable; urgency=low * Fix tighten build-dependency on help2man to versions implementing option --version-string. -- Jonas Smedegaard Tue, 18 May 2010 16:44:14 +0200 radicale (0.2-2) unstable; urgency=low * Generate manpage using script and library in destdir (not builddir). * Ensure proper hash-bang in Python script. * Fix append version to python dependency if using non-default version. * Fix have radicale depend on python-radicale. * Fix use of ${python:Provides} (not bogus ${python:Replaces}) and ${python:Versions}. -- Jonas Smedegaard Tue, 18 May 2010 04:06:34 +0200 radicale (0.2-1) unstable; urgency=low * Initial release. Closes: bug#581979. -- Jonas Smedegaard Mon, 17 May 2010 16:19:37 +0200