php-horde (5.2.20+debian0-1+deb10u2+rebuild) buster; urgency=medium

  * CVE-2020-8035: Don't allow to view images inline if opened directly.
  * debian/patches/0001-Fix-rewrite-base.patch: Trivial rebase.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 31 May 2020 21:45:26 +0200

php-horde (5.2.20+debian0-1+deb10u1) buster; urgency=high

  * Fix CVE-2019-12095: Stored XSS vuln in the Horde Cloud Block.

 -- Roberto C. Sanchez <roberto@debian.org>  Fri, 13 Dec 2019 21:13:53 -0500

php-horde (5.2.20+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.20+debian0
    - Update patch
    - Remove patch for CVE-2017-16907, merged

 -- Mathieu Parent <sathieu@debian.org>  Thu, 25 Oct 2018 21:08:21 +0200

php-horde (5.2.18+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.18+debian0
    - Update patch
  * Fix CVE-2017-16907 XSS via Color field (Closes: #909739)

 -- Mathieu Parent <sathieu@debian.org>  Sun, 07 Oct 2018 22:55:19 +0200

php-horde (5.2.17+debian0-3) unstable; urgency=medium

  * Update Standards-Version to 4.1.4, no change
  * Update Maintainer field

 -- Mathieu Parent <sathieu@debian.org>  Tue, 15 May 2018 15:21:43 +0200

php-horde (5.2.17+debian0-2) unstable; urgency=medium

  * Update Standards-Version to 4.1.3, no change
  * Upgrade debhelper to compat 11
  * Update Vcs-* fields
  * Use secure copyright format URI
  * Replace "Priority: extra" by "Priority: optional"

 -- Mathieu Parent <sathieu@debian.org>  Thu, 05 Apr 2018 22:23:17 +0200

php-horde (5.2.17+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.17+debian0

 -- Mathieu Parent <sathieu@debian.org>  Wed, 27 Sep 2017 20:08:11 +0200

php-horde (5.2.16+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.16+debian0
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Tue, 01 Aug 2017 22:25:55 +0200

php-horde (5.2.15+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.15+debian0
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Sat, 01 Jul 2017 22:05:23 +0200

php-horde (5.2.13+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.13+debian0
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Sun, 18 Dec 2016 22:01:07 +0100

php-horde (5.2.12+debian0-2) unstable; urgency=medium

  * Replace dpkg-maintscript-helper usage by debian/maintscript and thus remove
    preinst without #! (Closes: #843289). Also, we ensure that mv_conffile is
    run before apache snipset.

 -- Mathieu Parent <sathieu@debian.org>  Sat, 05 Nov 2016 20:32:46 +0100

php-horde (5.2.12+debian0-1) unstable; urgency=high

  * New upstream version 5.2.12+debian0
    + SECURITY: Add CSRF protection tokens to portal layout forms.
      Closes: #837151 and urgency set to high.
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Fri, 09 Sep 2016 15:16:20 +0200

php-horde (5.2.11+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.11+debian0
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Sat, 02 Jul 2016 21:55:21 +0200

php-horde (5.2.10+debian0-2) unstable; urgency=medium

  * Depends on php
  * Update Standards-Version to 3.9.8, no change
  * Updated d/watch to use https

 -- Mathieu Parent <sathieu@debian.org>  Wed, 08 Jun 2016 20:44:45 +0200

php-horde (5.2.10+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.10+debian0
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Sat, 26 Mar 2016 13:31:58 +0100

php-horde (5.2.9+debian0-2) unstable; urgency=medium

  * Add missing AllowOverride AuthConfig (Closes: #813712).
    Thanks to Ivan Sergio Borgonovo.
  * Update Standards-Version to 3.9.7, no change
  * Use secure Vcs-* fields
  * Rebuild with newer pkg-php-tools for the PHP 7 transition

 -- Mathieu Parent <sathieu@debian.org>  Sun, 13 Mar 2016 19:01:14 +0100

php-horde (5.2.9+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.9+debian0
    - Fixes XSS vulnerability in menu bar (Closes: #813573)
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Wed, 03 Feb 2016 23:40:14 +0100

php-horde (5.2.8+debian0-1) unstable; urgency=medium

  * Upgaded to debhelper compat 9
  * gbp.conf renamed git-import-orig section to import-orig
  * d/copyright improvements, including:
    - Fixed several wildcard-matches-nothing-in-dep5-copyright
    - OpenLayers.js moved to Horde_Core
    - js/map/* moved to Horde_Core
    - keynavlist.js and inplaceeditor.js moved to Horde_Core
    - old theme hordevetica has been removed
    - imple.php has been removed
  * New upstream version 5.2.8+debian0
  * Update patch

 -- Mathieu Parent <sathieu@debian.org>  Sat, 24 Oct 2015 07:01:44 +0200

php-horde (5.2.7+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.7+debian0
  * Update patch
  * Update gbp.conf

 -- Mathieu Parent <sathieu@debian.org>  Mon, 17 Aug 2015 09:00:59 +0200

php-horde (5.2.6+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.6+debian0
  * Update patches

 -- Mathieu Parent <sathieu@debian.org>  Thu, 18 Jun 2015 16:48:04 +0200

php-horde (5.2.5+debian0-1) unstable; urgency=medium

  * Update Standards-Version to 3.9.6, no change
  * New upstream version 5.2.5+debian0
  * Update patches

 -- Mathieu Parent <sathieu@debian.org>  Tue, 05 May 2015 08:19:18 +0200

php-horde (5.2.1+debian0-2) unstable; urgency=medium

  * Update Standards-Version, no change
  * Update Vcs-Browser to use cgit instead of gitweb

 -- Mathieu Parent <sathieu@debian.org>  Wed, 27 Aug 2014 07:28:19 +0200

php-horde (5.2.1+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.1
  * Update patches

 -- Mathieu Parent <sathieu@debian.org>  Tue, 05 Aug 2014 11:53:04 +0200

php-horde (5.2.0+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.0
  * Update patches

 -- Mathieu Parent <sathieu@debian.org>  Tue, 15 Jul 2014 23:26:37 +0200

php-horde (5.2.0~beta2+debian0-1) unstable; urgency=medium

  * New upstream version 5.2.0~beta2+debian0
  * Update patches

 -- Mathieu Parent <sathieu@debian.org>  Mon, 09 Jun 2014 10:22:52 +0200

php-horde (5.1.6+debian0-1) unstable; urgency=medium

  * New upstream version 5.1.6
  * Update patches
  * Upstream has now removed .php suffix of files in /usr/bin
  * Upstream now use #!/usr/bin/env php in all scripts

 -- Mathieu Parent <sathieu@debian.org>  Sat, 08 Mar 2014 09:45:13 +0100

php-horde (5.1.5+debian1-1) unstable; urgency=low

  * Remove compiled Silverlight file (Closes: #734210)

 -- Mathieu Parent <sathieu@debian.org>  Sun, 05 Jan 2014 11:28:29 +0100

php-horde (5.1.5+debian0-1) unstable; urgency=low

  * New upstream version 5.1.5+debian0
    - Fixes the grep path (Closes: #722960)
    - CVE-2013-6365 (Closes: #730110)
  * Remove ".php" extension from two files in $PATH
  * Fix php path in those two same files 
  * Rename old README.Debian to NEWS which is more correct
  * Add a quick start guide in README.Debian
  * Provide a horde-writable-config to ease initial configuration
    (Closes: #726187)
  * Add ActiveSync URLs

 -- Mathieu Parent <sathieu@debian.org>  Sat, 30 Nov 2013 19:51:45 +0100

php-horde (5.1.4+debian0-1) unstable; urgency=low

  * New upstream version 5.1.4+debian0
  * Fix postinst (Closes: #711591)
  * Fix Apache rewrite base (Closes: #721119)
  * Remove patch for missing horde-queue-run-task in package.xml: Fixed
    upstream.

 -- Mathieu Parent <sathieu@debian.org>  Tue, 17 Sep 2013 22:51:26 +0200

php-horde (5.1.2+debian0-1) unstable; urgency=low

  * New upstream version 5.1.2+debian0
  * Add missing install line for horde-queue-run-task
  * d/postinst, d/postrm:
    - Add "set -e" to maintscripts
    - Update to latest spec from https://wiki.debian.org/Apache/PackagingFor24
    - Invert the link test (Closes: #720139, #711591)

 -- Mathieu Parent <sathieu@debian.org>  Wed, 21 Aug 2013 20:23:38 +0200

php-horde (5.1.1+debian0-1) unstable; urgency=low

  * New upstream version 5.1.1+debian0

 -- Mathieu Parent <sathieu@debian.org>  Mon, 24 Jun 2013 11:10:39 +0200

php-horde (5.1.0+debian0-2) unstable; urgency=low

  * Recommends "apache2 | httpd"
  * Use override_dh_link instead of dh deprecated --until/--after

 -- Mathieu Parent <sathieu@debian.org>  Mon, 17 Jun 2013 21:51:01 +0200

php-horde (5.1.0+debian0-1) unstable; urgency=low

  * New upstream version 5.1.0, repacked
  * Use pristine-tar (with filtering)
  * Silence check_compiled_flash_files
  * Apache2.4 transition:
    - rename /etc/apache2/conf.d/horde.conf to
      /etc/apache2/mod-available/php-horde.conf
    - handle the move on preinst,postinst, postrm
    - keep backward compatibility

 -- Mathieu Parent <sathieu@debian.org>  Thu, 06 Jun 2013 20:15:45 +0200

php-horde (5.0.4+debian0-1) unstable; urgency=low

  * New upstream version 5.0.4

 -- Mathieu Parent <sathieu@debian.org>  Sun, 07 Apr 2013 16:23:05 +0200

php-horde (5.0.3+debian0-1) unstable; urgency=low

  * New upstream version 5.0.3

 -- Mathieu Parent <sathieu@debian.org>  Thu, 10 Jan 2013 22:14:52 +0100

php-horde (5.0.2+debian0-3) unstable; urgency=low

  * Add a description of Horde in long description
  * Updated Standards-Version to 3.9.4, no changes
  * Replace horde4 by PEAR in git reporitory path
  * Fix Horde Homepage
  * Remove debian/pearrc, not needed with latest php-horde-role

 -- Mathieu Parent <sathieu@debian.org>  Wed, 09 Jan 2013 20:54:44 +0100

php-horde (5.0.2+debian0-2) unstable; urgency=low

  * Simple apache config 
  * Depends on php-horde-role (>=1.0.1-2~) to ensure horde_dir is set
  * Move static directory (actually dynamic) to /var/cache/horde/static

 -- Mathieu Parent <sathieu@debian.org>  Mon, 10 Dec 2012 13:39:11 +0100

php-horde (5.0.2+debian0-1) unstable; urgency=low

  * horde package
  * Initial packaging (Closes: #657374)
  * Copyright file by Soren Stoutner and Jay Barksdale
  * Build-depends on php-horde-role
  * embedded plupload compiled Flash files
    - Repack to remove binary flash file "plupload.flash.swf"
    - Add a check at build time
    - Mention it in README.Debian

 -- Mathieu Parent <sathieu@debian.org>  Sat, 08 Dec 2012 19:20:23 +0100
