horizon (2014.1.3-7+deb8u2) jessie-security; urgency=medium * CVE-2016-4428: Possible client side template injection in horizon. Applied upstream patch: "Escape angularjs templating in unsafe HTML" after rebasing it for Icehouse (Closes: #828967). -- Thomas Goirand Wed, 29 Jun 2016 15:24:16 +0200 horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high * Fix CVE-2015-3219 with upstream patch (Closes: 788306). -- Thomas Goirand Wed, 10 Jun 2015 16:18:34 +0200 horizon (2014.1.3-7) unstable; urgency=medium * Fix Moscow timezone check and avoid FTBFS (Closes: #775636). -- Thomas Goirand Wed, 21 Jan 2015 14:03:26 +0000 horizon (2014.1.3-6) unstable; urgency=high * CVE-2014-8124: Horizon denial of service attack through login page. Applied upstrema patch (Closes: #772710). -- Thomas Goirand Wed, 10 Dec 2014 19:41:02 +0800 horizon (2014.1.3-5) unstable; urgency=medium * Purge the /usr/share/openstack-dashboard/openstack_dashboard folder when purging openstack-dashboard (Closes: #769101). -- Thomas Goirand Wed, 12 Nov 2014 05:24:26 +0800 horizon (2014.1.3-4) unstable; urgency=medium * Added Dutch debconf translations thanks to Frans Spiesschaert (Closes: #766414). -- Thomas Goirand Sat, 25 Oct 2014 16:12:13 +0800 horizon (2014.1.3-3) unstable; urgency=medium * Mangling upstream rc and beta versions in watch file. * Added patch to fix wrong WSGI application with Django 1.7. -- Thomas Goirand Thu, 16 Oct 2014 16:43:58 +0000 horizon (2014.1.3-1) unstable; urgency=medium * New upstream release. * Removed patches applied upstream: - 0006_fix-TEMPLATE_DIRS-must-be-tuple.patch - 0007-Rename-add_error-methods-to-avoid-conflict-with-Djan.patch - 0010_Tentative-fix-for-a-test-suite-failure-after-the-las.patch - CVE_2014-3594_stable-icehouse.patch -- Thomas Goirand Fri, 03 Oct 2014 21:19:01 +0800 horizon (2014.1.2-4) unstable; urgency=medium * Moves the libapache2-mod-wsgi (>= 2.3) dependency to openstack-dashboard-apache. * Disable test_update_project_when_default_role_does_not_exist() which is failing under Django 1.7 (Closes: #755651). -- Thomas Goirand Tue, 16 Sep 2014 23:33:28 +0800 horizon (2014.1.2-3) unstable; urgency=high * CVE_2014-3594: Fix XSS issue with the unordered_list filter (Closes: #758930). * Added Build-Conflicts: python-webob -- Thomas Goirand Sat, 23 Aug 2014 10:30:29 +0800 horizon (2014.1.2-2) unstable; urgency=medium * Used the new version of the summation patch. * Added build-conflicts: python-unittest2. -- Thomas Goirand Wed, 13 Aug 2014 13:50:13 +0000 horizon (2014.1.2-1) unstable; urgency=medium * New upstream point release. * Removed CVE-2014-3473, CVE-2014-3474, CVE-2014-3475 patch, applied upstream. -- Thomas Goirand Sun, 10 Aug 2014 22:57:13 +0800 horizon (2014.1.1-3) unstable; urgency=high * CVE-2014-3473, CVE-2014-3474, CVE-2014-3475: XSS vulnerability. Applied upstream provided patch from https://review.openstack.org/105477 (Closes: 754255). -- Thomas Goirand Wed, 09 Jul 2014 16:14:35 +0800 horizon (2014.1.1-2) unstable; urgency=medium * Updated de.po thanks to Chris Leick (Closes: #751163). -- Thomas Goirand Wed, 11 Jun 2014 12:24:13 +0800 horizon (2014.1.1-1) unstable; urgency=medium * New upstream release. * Removed Use_escapejs_filter_on_JavaScript_strings.patch applied upstream. * Now needs python-six >= 1.6.0. -- Thomas Goirand Mon, 09 Jun 2014 23:16:43 +0800 horizon (2014.1-2) unstable; urgency=medium * Added Use_escapejs_filter_on_JavaScript_strings.patch. -- Thomas Goirand Wed, 21 May 2014 08:42:42 +0800 horizon (2014.1-1) unstable; urgency=medium * New upstream release. * Uploading to unstable. -- Thomas Goirand Wed, 09 Apr 2014 17:32:13 +0800 horizon (2014.1~rc1-1) experimental; urgency=low * New upstream release. * Reviewed (build-)depends for this release. * Refreshed fix-python-m-coverage.patch -- Thomas Goirand Wed, 02 Apr 2014 18:24:26 +0800 horizon (2014.1~b3-2) experimental; urgency=low * Fixed MANIFEST.in which was missing the openstack_dashboard *.py. -- Thomas Goirand Tue, 18 Mar 2014 00:44:21 +0800 horizon (2014.1~b3-1) experimental; urgency=low [ Gonéri Le Bouder ] * Compress the CSS and JS during the postinst (Closes: #739698) - Turns COMPRESS_OFFLINE to True since we now pre-compress the CSS and the JS - call "manage.py compress" in the post-inst script * avoid openstack-dashboard-apache.postinst failure if the default vhost has been removed. * Add myself in Uploaders * run horizon with the horizon user/group * Bump standard version, no change needed * Call debconf-updatepo to refresh the i18n template [ Thomas Goirand ] * New upstream release (Icehouse beta 3). * Removes CVE-2013-6858 patch applied upstream. * Refreshed patch. -- Thomas Goirand Fri, 14 Mar 2014 11:34:49 +0000 horizon (2013.2-2) unstable; urgency=high * CVE-2013-6858: persistent XSS vulnerability. Applies upstream patch: Fix bug by escaping strings from Nova before displaying them (Closes: #730752). * Adds debconf translations updates, with warm thanks to: - French, Julien Patriarca (Closes: #726711). - Italian, Beatrice Torracca (Closes: #726829). * New debconf translations, with warm thanks to: - Portuguese, Américo Monteiro (Closes: #729911). -- Thomas Goirand Wed, 04 Dec 2013 20:43:44 +0800 horizon (2013.2-1) unstable; urgency=low * New upstream release. * Uploading to unstable. -- Thomas Goirand Fri, 18 Oct 2013 00:15:57 +0800 horizon (2013.2~rc3-1) experimental; urgency=low * New upstream pre-release. * Now running the upstream unit tests, and added a debian/source/options file with extend-diff-ignore = "[.]*.secret_key_store" -- Thomas Goirand Thu, 17 Oct 2013 11:27:06 +0800 horizon (2013.2~rc2-1) experimental; urgency=low * New upstream pre-release. -- Thomas Goirand Wed, 16 Oct 2013 23:17:44 +0800 horizon (2013.2~rc1-2) experimental; urgency=low * Now creates /var/lib/openstack-dashboard/secret-key in the postinst, and sets this path as default in /etc/openstack-dashbaord/local_settings.py, instead of the path in /usr/share (Closes: #726373). * Debconf translations updates: - Czech, thanks to Michal Šimůnek (Closes: #726124). - Danish, thanks to Joe Dalton (Closes: #725988). - Russian, thanks to Yuri Kozlov (Closes: #725878). * Added new debconf translation: - Swedish, thanks to Martin Bagge (Closes: #725101). -- Thomas Goirand Sun, 13 Oct 2013 22:48:35 +0800 horizon (2013.2~rc1-1) experimental; urgency=low * New upstream release. * Lots of dependencies adjustments. -- Thomas Goirand Tue, 08 Oct 2013 09:22:10 +0000 horizon (2013.1.3-2) unstable; urgency=low * Added new French debconf translation (Closes: #722421). -- Thomas Goirand Wed, 25 Sep 2013 17:30:14 +0800 horizon (2013.1.3-1) unstable; urgency=low * New upstream point release. * Added a few Debconf translations: - japaneese, thanks to victory (Closes: #719723). - Danish, thanks to Joe Dalton (Closes: #720012). - Italian, thanks to Beatrice Torracca (Closes: #720644). - Czech, thanks to Michal Šimůnek (Closes: #721223). - Russian, thanks to Yuri Kozlov (Closes: #721306). -- Thomas Goirand Fri, 30 Aug 2013 16:52:24 +0800 horizon (2013.1.2-4) unstable; urgency=low * Fixes prerm so that it uninstalls the correct .conf files for apache, since old apache vhost has been rename because of apache 2.4. Also remove the old ones as a transition, but using || true to avoid failure (Closes: #669836). -- Thomas Goirand Fri, 19 Jul 2013 01:06:46 +0800 horizon (2013.1.2-3) unstable; urgency=low * Now works with Sid apache 2.4 (Closes: #669836). * Debconf and long description rewrite from the debian-l10n-english team: a big thanks to them (Closes: #709000). -- Thomas Goirand Sun, 14 Jul 2013 06:13:46 +0000 horizon (2013.1.2-2) unstable; urgency=low * Added a /etc/default/openstack-dashboard-apache to save the values of debconf about setting-up the Apache vhosts. -- Thomas Goirand Sat, 15 Jun 2013 02:45:58 +0800 horizon (2013.1.2-1) unstable; urgency=low * New upstream release. * Ran wrap-and-sort. * Also rm -rf /var/lib/horizon on purge (Closes: #668760). * Removed chown -R, does more selective chown instead. * Removes "a2ensite default" in postrm (Closes: #708632). -- Thomas Goirand Thu, 30 May 2013 11:23:28 +0800 horizon (2013.1.1-2) unstable; urgency=low * Added missing symlink to /var for the css and js dynamic generation folder. -- Thomas Goirand Tue, 21 May 2013 12:51:27 +0800 horizon (2013.1.1-1) unstable; urgency=low * Uploading to unstable. * New upstream release. * Removes the build of static CSS and JS, as they are done dynamically. * Cleans better the package now (rebuild twice should work). -- Thomas Goirand Thu, 16 May 2013 14:14:58 +0000 horizon (2013.1-1) experimental; urgency=low * New upstream release. * Kills the COMPRESS_OFFLINE = True patch, no longer needed. -- Thomas Goirand Mon, 28 Jan 2013 22:39:15 +0800 horizon (2012.2.1-1) experimental; urgency=low * New upstream release 2012.2.1 * Recommends: memcached and use it as default on localhost. * Rewrote Apache vhost, diables apache "default" vhost by default, (probably we should ask for permission to do that using debconf). * Now writing css and js script in /var, plus we aren't doing chown www-data of all the static, but only css + js in /var. * Now asking using debconf if we should disable the default apache vhost, and activate the Dasboard, and if we should use SSL or not. * Added missing dependency on node-less. * The package had only Build-Depends:, now setting lots of them in Build-Depends-Indep: as it should be. * Using pkgos.make in debian/rules. -- Thomas Goirand Sun, 02 Dec 2012 11:59:19 +0000 horizon (2012.2~rc1-1) experimental; urgency=low [ Mehdi Abaakouk ] * New upstream version * Remove CVE-2012-3540 fixed by upstream [ Thomas Goirand ] * Now using xz compression level 9 for the debs. -- Mehdi Abaakouk Mon, 10 Sep 2012 17:56:09 +0200 horizon (2012.1.1-5) unstable; urgency=low * Add the /static/horizon alias to the apache host definition. Without it the javascript files cannot be found and most of the dashboard functions are not working. -- Loic Dachary (OuoU) Tue, 04 Sep 2012 13:47:54 +0200 horizon (2012.1.1-4) unstable; urgency=high * CVE-2012-3540: added patch: Disallow login redirects to anywhere other than the same origin (Closes: #686050). -- Thomas Goirand Tue, 28 Aug 2012 03:05:44 +0000 horizon (2012.1.1-3) unstable; urgency=low [ Thomas Goirand ] * Added missing (build-)dependencies (took what was in the Ubuntu package and which seems to be missing in Debian). * Fixed missing license in debian/copyright. * Added a get-vcs-source target in debian/rules. * Fixed debian/copyright header. [ Loic Dachary (OuoU) ] * Add compression = xz to debian/gbp.conf -- Thomas Goirand Sun, 08 Jul 2012 18:05:14 +0000 horizon (2012.1.1-2) unstable; urgency=low * Add a /static alias to serve the static files. By default django is configured in debug mode and will serve the static files. However, when it is configured in production mode, it will no longer serve them and it is expected that apache will take care of it. (Closes: #679440). * Add Loic Dachary as Uploader -- Loic Dachary (OuoU) Fri, 29 Jun 2012 10:23:33 +0200 horizon (2012.1.1-1) unstable; urgency=low [ Julien Danjou ] * Remove useless dependency on openstackx * Fix clean target [ Mehdi Abaakouk ] * New upsteam release * Remove patches fixed upstream: CVE_2012-2094, CVE_2012-2144. * Add gbp configuration file * Clean horizon user home directory on purge. Closes: #668760 * Add Mehdi Abaakouk as Uploader -- Julien Danjou Mon, 25 Jun 2012 13:13:35 +0200 horizon (2012.1-4) unstable; urgency=low * Fixed CVE_2012-2144. Closes: #671604 -- Ghe Rivero Sat, 05 May 2012 12:02:08 +0200 horizon (2012.1-3) unstable; urgency=low * Fixed CVE_2012-2094 -- Ghe Rivero Tue, 17 Apr 2012 19:38:18 +0200 horizon (2012.1-2) unstable; urgency=low * Make openstack-dashboard depends on the same version of python-django-horizon, otherwise it just fails to work most of the time, since upstream doesn't guarantee it'd work. -- Julien Danjou Mon, 16 Apr 2012 16:11:45 +0200 horizon (2012.1-1) unstable; urgency=low * New upstream release -- Ghe Rivero Mon, 09 Apr 2012 09:29:59 +0200 horizon (2012.1~rc2-1) unstable; urgency=low * New upstream release -- Ghe Rivero Wed, 04 Apr 2012 10:46:08 +0200 horizon (2012.1~rc1-1) unstable; urgency=low * New upstream release. -- Ghe Rivero Tue, 20 Mar 2012 18:29:45 +0100 horizon (2012.1~e4-1) unstable; urgency=low * New upstream release -- Ghe Rivero Fri, 02 Mar 2012 08:42:48 +0100 horizon (2012.1~e3-3) unstable; urgency=low * Added manage.py to openstack-dashboard pkg -- Ghe Rivero Sun, 29 Jan 2012 10:26:12 +0100 horizon (2012.1~e3-2) unstable; urgency=low *Fixed typo in libjs-jquery -- Ghe Rivero Thu, 26 Jan 2012 16:40:21 +0100 horizon (2012.1~e3-1) unstable; urgency=low * New upstream release -- Ghe Rivero Thu, 26 Jan 2012 14:37:30 +0100 horizon (2012.1~e2-2) unstable; urgency=low * Rebuild to not depends on python-openstack-compute -- Julien Danjou Mon, 19 Dec 2011 09:43:45 +0100 horizon (2012.1~e2-1) unstable; urgency=low * New upstream release -- Julien Danjou Fri, 16 Dec 2011 10:16:19 +0100 horizon (2012.1~e1-1) unstable; urgency=low * Initial release (Closes: #649897, #649994) -- Julien Danjou Fri, 25 Nov 2011 11:30:34 +0100