Change log : quassel package : Debian

1:0.14.0-2

Published in sid-release on 2023-07-22

quassel (1:0.14.0-2) unstable; urgency=medium

  * Team upload.

  [ Christian Göttsche ]
  * Update blhc configuration

  [ Debian Janitor ]
  * Trim trailing whitespace.
  * Bump debhelper from old 12 to 13.
    + debian/rules: Drop --fail-missing argument to dh_missing, which is now the
      default.
  * Fix day-of-week for changelog entries 0.5.1-2, 0.3.1+dfsg-2, 0.3.1+dfsg-1.
  * Update standards version to 4.6.1, no changes needed.
  * Avoid explicitly specifying -Wl,--as-needed linker flag.

  [ Adrian Bunk ]
  * qtwebengine5-dev is now available on mips64el.

  [ Pino Toscano ]
  * Update standards version to 4.6.2, no changes needed.
  * Drop patch 02_script_interpreter_path.patch, as now dh_perl rewrites perl
    shebangs.
  * Stop using qtwebengine5-dev on mipsel, as it will be removed soon from
    that architecture.
  * Switch the list of architectures for libqt5webkit5-dev to be a negated
    version of the ones for qtwebengine5-dev, so it is easier to maintain.
  * Remove inactive Uploaders.
  * Drop the obsolete lsb-base dependency.
  * Use chrpath to drop the extra RPATH set in binaries.
  * Remove the custom inxi script directly during dh_auto_install, rather than
    with extra checks during dh_install.
  * Use execute_after_dh_install to avoid invoking dh_install manually.
  * Use the ${perl:Depends} substvar in quassel-data.
  * CI: do not consider lintian warnings as fatal.

 -- Pino Toscano <email address hidden>  Sat, 22 Jul 2023 09:18:22 +0200

1:0.14.0-1

Published in bookworm-release on 2023-06-01

Superseded in sid-release on 2023-07-23

quassel (1:0.14.0-1) unstable; urgency=medium

  * Update d/watch to version 4 and to point to the new upstream location
  * Delete d/patches/qt514 and update d/p/series due to new release
  * New upstream release
    - Refresh patches
  * Add libboost-dev to build-depends
  * Update d/quassel-data.install for current install locations
  * Update d/rules to not build shared library: ENABLE_SHARED=OFF
  * Add libldap2-dev to build-depends to enable support for LDAP
    authentication
  * Add NEWS entry about new database and config file formats
  * Update quasselcore.1 for 0.14.0

 -- Scott Kitterman <email address hidden>  Wed, 12 Jan 2022 17:29:46 -0500

Available diffs

diff from 1:0.13.1-5ubuntu1 (in Ubuntu) to 1:0.14.0-1 (2.3 MiB)

1:0.13.1-5

Published in bullseye-release on 2021-07-22

Superseded in sid-release on 2022-01-14

quassel (1:0.13.1-5) unstable; urgency=medium

  [ Christian Göttsche ]
  * Start quasselcore with --require-ssl (Closes: #950244)

  [ Felix Geyer ]
  * Switch to debhelper compat level 12.

 -- Felix Geyer <email address hidden>  Fri, 12 Feb 2021 18:40:17 +0100

1:0.13.1-4

Superseded in sid-release on 2021-02-12

quassel (1:0.13.1-4) unstable; urgency=medium

  [ Scott Kitterman ]
  * Add explicit build-depeds on debhelper (>= 10.3~) since we use dh_missing
  * Bump standards-version to 4.5.0 without further change
  * Add Recommends: ca-certificates to quassel and quassel-client so network
    certificates can be verified

  [ Felix Geyer ]
  * Add patches to fix building against Qt 5.14 from Ubuntu.
    Thanks Dan Streetman! (Closes: #964687)

 -- Felix Geyer <email address hidden>  Mon, 13 Jul 2020 23:13:31 +0200

1:0.13.1-1+deb10u2

Published in buster-release on 2020-02-08

quassel (1:0.13.1-1+deb10u2) buster; urgency=medium

  * Actually delete quassel-core.NEWS as intended

 -- Scott Kitterman <email address hidden>  Sat, 18 Jan 2020 15:47:27 -0500

1:0.13.1-3

Superseded in sid-release on 2020-07-14

quassel (1:0.13.1-3) unstable; urgency=medium

  * Delete quassel-core.NEWS, not needed
  * Bump standards version to 4.4.1 without further change
  * Switch from deboan/compat + debhelper to debhelper-compat

 -- Scott Kitterman <email address hidden>  Sat, 18 Jan 2020 15:55:00 -0500

1:0.13.1-2

Superseded in sid-release on 2020-01-19

quassel (1:0.13.1-2) unstable; urgency=medium

  [ Felix Geyer ]
  * Fix quasselcore AppArmor denials when the config is saved. (Closes:
    #940482)

  [ Scott Kitterman ]
  * Correct default channel for Debian
  * Add NEWS entry about reloading the quaseelcore AppArmor profile

 -- Scott Kitterman <email address hidden>  Sat, 11 Jan 2020 15:00:28 -0500

1:0.13.1-1

Superseded in buster-release on 2020-02-08

Superseded in sid-release on 2020-01-12

quassel (1:0.13.1-1) unstable; urgency=medium

  [ Scott Kitterman ]
  * New upstream bugfix release
  * Do not explicitly set DEMBED_DATA=OFF, it is the default when KDE (Kf5)
    integration is enabled
  * Update debian/copyright
  * Add hurd-i386 to libqt5webkit5-dev build-depends arch list, since it is
    available there

  [ Shane Synan ]
  * Clean up and update manpages with new options for Quassel 0.13.1

 -- Scott Kitterman <email address hidden>  Fri, 15 Feb 2019 13:00:08 -0500

1:0.13.0-4

Superseded in buster-release on 2019-02-26

Superseded in sid-release on 2019-02-16

quassel (1:0.13.0-4) unstable; urgency=medium

  * Fix install of ufw profile so install is only attempted for quassel-core
    (fixes arch all FTBFS)
  * Replace obsolete dh_install --fail-missing with dh_missing --fail-missing

 -- Scott Kitterman <email address hidden>  Sun, 06 Jan 2019 04:33:59 -0500

1:0.13.0-2

Superseded in buster-release on 2019-01-11

Superseded in sid-release on 2019-01-06

quassel (1:0.13.0-2) unstable; urgency=medium

  * Upload to unstable
  * Set -DWITH_OXYGEN_ICONS for compatibility for Oxygen users
  * Add oxygen-icon-theme as an alternative Recommends to breeze-icon-theme
  * Make debian/NEWS specific to quassel-core and quassel binaries

 -- Scott Kitterman <email address hidden>  Wed, 05 Dec 2018 00:34:55 -0500

1:0.13.0-1

Deleted in experimental-release (Reason: None provided.)

quassel (1:0.13.0-1) experimental; urgency=medium

  * New upstream release (Closes: #915244)
    - Delete debian/patches/03_force_icon_theme.patch, fixed upstream
    - Refresh remaining patch
  * Add libqt5webkit5-dev to build depends for archs where qtwebengine5-dev is
    not available and update the qtwebengine5-dev arch list
  * Set web backend during configure in debian/rules (Thanks to Michael
    Marley)
  * Update debian/copyright
  * Add debian/NEWS item suggesting a backup of the database
  * Add debian/patches/02_script_interpreter_path.patch to use correct path in
    scripts
  * Bump standards-vertion to 4.2.1 without further change
  * Add qtmultimedia5-dev to build-depends
  * Update debian/patches/01_default_network_channel.patch to connect via SSL
    (TLS) when possible
  * Add symlink to usr/bin/mpris-quassel from usr/share/quassel/scripts/mpris
    so the script is available on the system path
  * Change recommended icon theme to breeze-icon-theme to match Plasma default
  * Include quassel unique icons for breeze and breeze-dark icon themes

 -- Scott Kitterman <email address hidden>  Mon, 03 Dec 2018 17:27:44 -0500

1:0.12.5-3

Superseded in buster-release on 2018-12-10

Superseded in sid-release on 2018-12-07

quassel (1:0.12.5-3) unstable; urgency=medium

  * Change postinst script to call runuser instead of su. (Closes: #906794)

 -- Felix Geyer <email address hidden>  Sun, 07 Oct 2018 16:43:33 +0200

1:0.12.4-2+deb9u1

Superseded in sid-release on 2018-12-04

Published in stretch-release on 2018-07-14

quassel (1:0.12.4-2+deb9u1) stretch-security; urgency=high

  * Backport upstream commit to implement a custom deserializer.
    Fixes possible remote code execution. (Closes: #896914)
  * Backport upstream commit to reject client logins before the core is
    configured. Fixes a DoS vulnerability. (Closes: #896915)
  * Backport upstream commit to fix OpenSSL detection with Qt 5.6 and GCC 5.

 -- Felix Geyer <email address hidden>  Sat, 28 Apr 2018 11:54:39 +0200

1:0.10.0-2.3+deb8u4

Published in jessie-release on 2018-06-23

quassel (1:0.10.0-2.3+deb8u4) jessie-security; urgency=high

  * Backport upstream commit to implement a custom deserializer.
    Fixes possible remote code execution. (Closes: #896914)
  * Backport upstream commit to reject client logins before the core is
    configured. Fixes a DoS vulnerability. (Closes: #896915)

 -- Felix Geyer <email address hidden>  Sat, 28 Apr 2018 11:54:10 +0200

1:0.12.5-2

Superseded in buster-release on 2018-10-13

Superseded in sid-release on 2018-11-02

quassel (1:0.12.5-2) unstable; urgency=high

  * Build-depend on qtwebengine5-dev only for archs where it's available.

 -- Felix Geyer <email address hidden>  Wed, 25 Apr 2018 22:58:59 +0200

1:0.12.5-1

Superseded in sid-release on 2018-04-26

quassel (1:0.12.5-1) unstable; urgency=high

  * New upstream release.
    - Fixes a deserialization security vulnerability.
    - Fixes a DoS while quassel is starting up.
  * Drop Fix_the_ssl_check_with_Qt_5.6_and_gcc_5.patch, applied upstream.
  * Build against Qt WebEngine instead of QtWebKit, following upstream.
  * Move git repo to salsa.debian.org

 -- Felix Geyer <email address hidden>  Wed, 25 Apr 2018 19:58:02 +0200

1:0.12.4-3

Superseded in buster-release on 2018-04-28

Superseded in sid-release on 2018-06-13

quassel (1:0.12.4-3) unstable; urgency=medium

  * Depend on default-dbus-session-bus | dbus-session-bus instead of dbus-x11.
    (Closes: #836142)
  * Provide support for --listen option in the init script and systemd service.
    (Closes: #590645)
  * Fix the OpenSSL detection.
    - Add Fix_the_ssl_check_with_Qt_5.6_and_gcc_5.patch,
      cherry picked from upstream.
  * Switch to debhelper compat level 10.
  * quassel-core postinst: chmod/chown only after creating the files/dirs.
  * Remove transitional packages quassel-kde4 and quassel-client-kde4.

 -- Felix Geyer <email address hidden>  Thu, 08 Feb 2018 18:31:06 +0100

1:0.10.0-2.3+deb8u3

Superseded in jessie-release on 2018-06-23

quassel (1:0.10.0-2.3+deb8u3) jessie; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2016-4414: remote DoS in quassel core with invalid handshake data.
    (Closes: #826402)
    - Add debian/patches/CVE-2016-4414.patch, cherry-picked from upstream.

 -- Pierre Schweitzer <email address hidden>  Sun, 05 Jun 2016 12:41:35 +0200

1:0.12.4-2

Superseded in buster-release on 2018-02-14

Superseded in stretch-release on 2018-07-14

Superseded in sid-release on 2018-12-04

quassel (1:0.12.4-2) unstable; urgency=medium

  * Fix FTBFS when building only architecture dependent packages.

 -- Felix Geyer <email address hidden>  Tue, 26 Apr 2016 19:10:51 +0200

1:0.12.3-1

Superseded in stretch-release on 2016-05-03

Superseded in sid-release on 2016-04-27

quassel (1:0.12.3-1) unstable; urgency=medium

  * New upstream release.
  * Drop patches that have been applied upstream:
    - 02_set-required-libs-and-flags.patch
    - 04_fix_ftbfs_qt55.patch
    - CVE-2015-8547.patch

 -- Felix Geyer <email address hidden>  Thu, 11 Feb 2016 21:38:13 +0100

1:0.10.0-2.3+deb8u2

Superseded in jessie-release on 2016-09-17

quassel (1:0.10.0-2.3+deb8u2) jessie; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2015-8547: remote DoS in quassel core, using /op * command.
    (Closes: #807801)
    - Add debian/patches/CVE-2015-8547.patch, cherry-picked from upstream.

 -- Pierre Schweitzer <email address hidden>  Sun, 13 Dec 2015 11:04:05 +0100

1:0.12.2-3

Superseded in stretch-release on 2016-02-17

Superseded in sid-release on 2016-02-12

quassel (1:0.12.2-3) unstable; urgency=high

  * Fix CVE-2015-8547: op command denial of service issue (Closes: #807801)
    - Add CVE-2015-8547.patch

 -- Felix Geyer <email address hidden>  Mon, 14 Dec 2015 21:25:33 +0100

1:0.12.2-2

Superseded in stretch-release on 2015-12-17

Superseded in sid-release on 2015-12-17

quassel (1:0.12.2-2) unstable; urgency=medium

  * Fix FTBFS with Qt 5.5. (Closes: #802868)
    - Add 04_fix_ftbfs_qt55.patch

 -- Felix Geyer <email address hidden>  Thu, 29 Oct 2015 17:05:50 +0100

1:0.12.2-1

Superseded in stretch-release on 2015-11-04

Superseded in sid-release on 2015-10-30

quassel (1:0.12.2-1) unstable; urgency=medium

  [ Felix Geyer ]
  * New upstream release. (Closes: #779726)
  * Remove patches that have been applied upstream:
    - CVE-2014-8483.patch
    - CVE-2015-2778.patch
    - CVE-2015-3427.patch
  * Set maintainer to Debian KDE Extras Team.
  * Add Vcs control fields pointing to the new git packaging repo.
    (Closes: #732605)
  * Drop explicit phonon depenencies, they are automatically added.
  * Build quassel against Qt5 + KF5 libs instead of a Qt4 and a KDE4 variant.
    (Closes: #784519)
    - Remove quassel-data-kde4.
    - Turn quassel-kde4 and quassel-client-kde4 into transitional packages.
  * Enable parallel building.
  * Pass --fail-missing to dh_install.
  * Create the SSL certificate as user quasselcore to avoid a symlink race
    condition. (Closes: #753737)
  * Stop hardcoding the path to deluser / delgroup in postrm.
  * Enable all hardening build flags.
  * Build with -Wl,--as-needed.
  * Fix detection of OpenSSL when building against Qt5.
    - Add 02_set-required-libs-and-flags.patch from openSUSE.
  * Work around missing icon theme fallback in KF5.
    - Add 03_force_icon_theme.patch
    - Add oxygen-icon-theme to quassel-data/Recommends.

  [ Scott Kitterman ]
  * Add systemd service file and associated changes for quasselcore.

 -- Felix Geyer <email address hidden>  Thu, 10 Sep 2015 22:44:32 +0200

1:0.10.0-2.3+deb8u1

Superseded in jessie-release on 2016-01-23

quassel (1:0.10.0-2.3+deb8u1) jessie-security; urgency=high

  * Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend.
    (Closes: #783926)
    - Add debian/patches/CVE-2015-3427.patch, cherry-picked from upstream.
    - The original issue was CVE-2013-4422 which had an incomplete fix.

 -- Felix Geyer <email address hidden>  Sun, 10 May 2015 16:41:30 +0200

1:0.10.0-2.4

Superseded in stretch-release on 2015-09-16

Superseded in sid-release on 2016-05-04

quassel (1:0.10.0-2.4) unstable; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend.
    (Closes: #783926)
    - Add debian/patches/CVE-2015-3427.patch, cherry-picked from upstream.
    - The original issue was CVE-2013-4422 which had an incomplete fix.

 -- Felix Geyer <email address hidden>  Tue, 05 May 2015 16:48:57 +0200

1:0.10.0-2.3

Superseded in stretch-release on 2015-05-10

Superseded in jessie-release on 2015-06-06

Superseded in sid-release on 2015-05-10

quassel (1:0.10.0-2.3) unstable; urgency=high


  * Non-maintainer upload with maintainer's permission.
  * Improve the message-splitting algorithm for PRIVMSG and CTCP.  Original
    patch from Michael Marley, backported by Steinar H. Gunderson.  Fixes
    CVE-2015-2778 and CVE-2015-2779.  (Closes: #781024)

 -- Olly Betts <email address hidden>  Wed, 01 Apr 2015 11:41:28 +1300

0.8.0-1+deb7u3

Published in wheezy-release on 2015-01-10

quassel (0.8.0-1+deb7u3) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * Add CVE-2014-8483.patch patch.
    CVE-2014-8483: out-of-bounds read on a heap-allocated array.
    (Closes: #766962)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 28 Oct 2014 17:10:53 +0100

1:0.10.0-2.2

Superseded in jessie-release on 2015-04-04

Superseded in sid-release on 2015-04-02

quassel (1:0.10.0-2.2) unstable; urgency=high


  * Non-maintainer upload.
  * Increment Debian revision and epoch to re-upload 0.10.0-2.1 to
    unstable containing the fix for #766962 / CVE-2014-8483:
    out-of-bounds read in ECB Blowfish decryption.

 -- Salvatore Bonaccorso <email address hidden>  Sat, 08 Nov 2014 14:14:56 +0100

0.11.0-1

Superseded in sid-release on 2014-11-09

quassel (0.11.0-1) unstable; urgency=medium


  * New upstream release
  * Debian policy to 3.9.6
  * Adding John Hand to copyright

 -- Thomas Mueller <email address hidden>  Mon, 27 Oct 2014 13:18:21 +0100

0.10.0-2.1

Superseded in sid-release on 2014-11-05

quassel (0.10.0-2.1) unstable; urgency=high


  * Non-maintainer upload.
  * Add CVE-2014-8483.patch patch.
    CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption.
    (Closes: #766962)

 -- Salvatore Bonaccorso <email address hidden>  Sun, 02 Nov 2014 19:10:58 +0100

0.8.0-1+deb7u2

Superseded in wheezy-release on 2015-01-10

quassel (0.8.0-1+deb7u2) wheezy; urgency=medium


  * Fixing security issue where quassel core certificate is 
    readable by all local users
    - Change permissions of /var/lib/quassel/quasselCert.pem
    - Add debian/NEWS to notify the admin to change the certificate

 -- Thomas Mueller <email address hidden>  Thu, 03 Jul 2014 14:42:18 +0200

0.10.0-2

Superseded in jessie-release on 2014-11-11

Superseded in sid-release on 2014-11-04

quassel (0.10.0-2) unstable; urgency=low


  * Fixing security issue where quassel core certificate is 
    readable by all local users
    - Change permissions of /var/lib/quassel/quasselCert.pem
    - Add debian/NEWS to notify the admin to change the certificate

 -- Thomas Mueller <email address hidden>  Fri, 04 Jul 2014 17:15:10 +0200

0.10.0-1

Superseded in jessie-release on 2014-07-15

Superseded in sid-release on 2014-07-05

quassel (0.10.0-1) unstable; urgency=low


  * New upstream release
  * Debian policy to 3.9.5
  * Don't create 1024 bit key (Closes: #732728)
  * Start quaselcore after databases (Closes: #701943)

 -- Thomas Mueller <email address hidden>  Fri, 09 May 2014 17:42:19 +0200

0.8.0-1+deb7u1

Superseded in wheezy-release on 2014-07-12

quassel (0.8.0-1+deb7u1) wheezy; urgency=medium


  * Fix CVE-2013-6404: clients can access backlogs belonging to other users
    - Backport upstream commit in CVE-2013-6404.patch

 -- Felix Geyer <email address hidden>  Sun, 09 Mar 2014 13:41:50 +0100

0.9.2-1

Superseded in jessie-release on 2014-05-20

Superseded in sid-release on 2014-05-13

quassel (0.9.2-1) unstable; urgency=low


  * New upstream release
  * Increase debhelper compat to 9 - supporting hardening now

 -- Thomas Mueller <email address hidden>  Tue, 26 Nov 2013 22:53:55 +0100

0.9.1-1

Superseded in jessie-release on 2013-12-08

Superseded in sid-release on 2013-11-28

quassel (0.9.1-1) unstable; urgency=low


  * New upstream release

 -- Thomas Mueller <email address hidden>  Tue, 05 Nov 2013 17:39:26 +0100

0.9.0-1

Superseded in jessie-release on 2013-11-16

Superseded in sid-release on 2013-11-06

quassel (0.9.0-1) unstable; urgency=low


  * New upstream release (Closes: #705571, #647893)
  * Enable hardened build flags (Closes: #707721)
  * Deleting /var/run/quasselcore.pid on purge (Closes: #653553)
  * Debian Policy to 3.9.4
  * Remove DM-Upload-Allowed

 -- Thomas Mueller <email address hidden>  Tue, 14 May 2013 21:38:58 +0200

0.8.0-1

Superseded in jessie-release on 2013-05-25

Superseded in wheezy-release on 2014-04-26

Superseded in sid-release on 2013-05-16

quassel (0.8.0-1) unstable; urgency=low


  * New upstream release
  * Debian Policy to 3.9.3

 -- Thomas Mueller <email address hidden>  Wed, 25 Apr 2012 00:02:51 +0200

0.7.3-2.1

Superseded in wheezy-release on 2012-05-05

Superseded in sid-release on 2012-04-29

quassel (0.7.3-2.1) unstable; urgency=low


  * Non-maintainer upload.
  * Fix "fails to upgrade from squeeze": test for existence of to-be-moved
    file in quassel-core.preinst; and use -p for mkdir to avoid errors when
    the directory exists, like after failed upgrades.
    (Closes: #655844)

 -- gregor herrmann <email address hidden>  Tue, 10 Apr 2012 19:02:42 +0200

0.7.3-2

Superseded in wheezy-release on 2012-04-23

Superseded in sid-release on 2012-04-16

quassel (0.7.3-2) unstable; urgency=medium


  * Change Build-Depends of the package from libpng12-dev to libpng-dev.
    (Closes: #662486)

 -- Thomas Mueller <email address hidden>  Mon, 05 Mar 2012 09:27:50 +0100

0.6.3-2+squeeze2

Published in squeeze-release on 2012-01-28

quassel (0.6.3-2+squeeze2) stable; urgency=low


  * Fixing missing translations in quassel-data-kde4_0.6.3-2+squeeze1_all.deb

 -- Thomas Mueller <email address hidden>  Mon, 17 Oct 2011 01:20:44 +0200

0.6.3-2+squeeze1

Superseded in squeeze-release on 2012-01-28

quassel (0.6.3-2+squeeze1) stable; urgency=low


  * Fixing security issue: ctcp DoS (Closes: #640960)

 -- Thomas Mueller <email address hidden>  Fri, 09 Sep 2011 20:30:15 +0000

0.7.3-1

Superseded in wheezy-release on 2012-03-18

Superseded in sid-release on 2012-03-07

quassel (0.7.3-1) unstable; urgency=medium


  * New upstream release
  * Translation update
  * Fixing security issue: ctcp DoS (Closes: #640960)

 -- Thomas Mueller <email address hidden>  Fri, 09 Sep 2011 19:00:55 +0000

0.7.2-2

Superseded in wheezy-release on 2011-09-21