quassel (1:0.10.0-2.3+deb8u4) jessie-security; urgency=high

  * Backport upstream commit to implement a custom deserializer.
    Fixes possible remote code execution. (Closes: #896914)
  * Backport upstream commit to reject client logins before the core is
    configured. Fixes a DoS vulnerability. (Closes: #896915)

 -- Felix Geyer <fgeyer@debian.org>  Sat, 28 Apr 2018 11:54:10 +0200

quassel (1:0.10.0-2.3+deb8u3) jessie; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2016-4414: remote DoS in quassel core with invalid handshake data.
    (Closes: #826402)
    - Add debian/patches/CVE-2016-4414.patch, cherry-picked from upstream.

 -- Pierre Schweitzer <pierre@reactos.org>  Sun, 05 Jun 2016 12:41:35 +0200

quassel (1:0.10.0-2.3+deb8u2) jessie; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2015-8547: remote DoS in quassel core, using /op * command.
    (Closes: #807801)
    - Add debian/patches/CVE-2015-8547.patch, cherry-picked from upstream.

 -- Pierre Schweitzer <pierre@reactos.org>  Sun, 13 Dec 2015 11:04:05 +0100

quassel (1:0.10.0-2.3+deb8u1) jessie-security; urgency=high

  * Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend.
    (Closes: #783926)
    - Add debian/patches/CVE-2015-3427.patch, cherry-picked from upstream.
    - The original issue was CVE-2013-4422 which had an incomplete fix.

 -- Felix Geyer <fgeyer@debian.org>  Sun, 10 May 2015 16:41:30 +0200

quassel (1:0.10.0-2.3) unstable; urgency=high

  * Non-maintainer upload with maintainer's permission.
  * Improve the message-splitting algorithm for PRIVMSG and CTCP.  Original
    patch from Michael Marley, backported by Steinar H. Gunderson.  Fixes
    CVE-2015-2778 and CVE-2015-2779.  (Closes: #781024)

 -- Olly Betts <olly@survex.com>  Wed, 01 Apr 2015 11:41:28 +1300

quassel (1:0.10.0-2.2) unstable; urgency=high

  * Non-maintainer upload.
  * Increment Debian revision and epoch to re-upload 0.10.0-2.1 to
    unstable containing the fix for #766962 / CVE-2014-8483:
    out-of-bounds read in ECB Blowfish decryption.

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 08 Nov 2014 14:14:56 +0100

quassel (0.10.0-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * Add CVE-2014-8483.patch patch.
    CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption.
    (Closes: #766962)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 02 Nov 2014 19:10:58 +0100

quassel (0.10.0-2) unstable; urgency=low

  * Fixing security issue where quassel core certificate is 
    readable by all local users
    - Change permissions of /var/lib/quassel/quasselCert.pem
    - Add debian/NEWS to notify the admin to change the certificate

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Fri, 04 Jul 2014 17:15:10 +0200

quassel (0.10.0-1) unstable; urgency=low

  * New upstream release
  * Debian policy to 3.9.5
  * Don't create 1024 bit key (Closes: #732728)
  * Start quaselcore after databases (Closes: #701943)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Fri, 09 May 2014 17:42:19 +0200

quassel (0.9.2-1) unstable; urgency=low

  * New upstream release
  * Increase debhelper compat to 9 - supporting hardening now

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Tue, 26 Nov 2013 22:53:55 +0100

quassel (0.9.1-1) unstable; urgency=low

  * New upstream release

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Tue, 05 Nov 2013 17:39:26 +0100

quassel (0.8.0-1) unstable; urgency=low

  * New upstream release
  * Debian Policy to 3.9.3

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Wed, 25 Apr 2012 00:02:51 +0200

quassel (0.7.3-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix "fails to upgrade from squeeze": test for existence of to-be-moved
    file in quassel-core.preinst; and use -p for mkdir to avoid errors when
    the directory exists, like after failed upgrades.
    (Closes: #655844)

 -- gregor herrmann <gregoa@debian.org>  Tue, 10 Apr 2012 19:02:42 +0200

quassel (0.7.3-2) unstable; urgency=medium

  * Change Build-Depends of the package from libpng12-dev to libpng-dev.
    (Closes: #662486)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Mon, 05 Mar 2012 09:27:50 +0100

quassel (0.7.3-1) unstable; urgency=medium

  * New upstream release
  * Translation update
  * Fixing security issue: ctcp DoS (Closes: #640960)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Fri, 09 Sep 2011 19:00:55 +0000

quassel (0.7.2-2) unstable; urgency=low

  * DATADIR set to new location /var/lib/ (Closes: #629507)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Tue, 07 Jun 2011 19:01:51 +0000

quassel (0.7.2-1) unstable; urgency=low

  * New upstream release (Closes: #629393)
  * Clients no longer recommend quassel-core (Closes: #622904)
  * Debian Policy to 3.9.2
  * quassel-core.preinst added - taken from Ubuntu (Closes: #612042)
    Thanks to Scott Kitterman <scott@kitterman.com> 

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Mon, 06 Jun 2011 20:40:24 +0200

quassel (0.7.1-4) unstable; urgency=low

  * 0.7.1-3 lost the kfreebsd patch of 0.7.1-2

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 14 Apr 2011 20:08:27 +0200

quassel (0.7.1-3) unstable; urgency=low

  * Build-dependency qt4-dev-tools added (Closes: #613599)
  * Build-dependency libqtwebkit-dev added (Closes: #622273)
  * Build-dependency libdbusmenu-qt-dev added
  * Build-dependency libindicate-qt-dev added

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Tue, 12 Apr 2011 22:40:46 +0200

quassel (0.7.1-2) unstable; urgency=low

  * Patch added to fix kfreebsd builds (Closes: #620542)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Mon, 11 Apr 2011 21:44:34 +0200

quassel (0.7.1-1.1) unstable; urgency=low

  * Non-maintainer upload with maintainer permission.
  * Do not hardcode kdelibs5 and kdebase-runtime in quassel-client-kde4 and
    quassel-kde4 Depends (Closes: #616026). kdelibs5 has been deprecated and
    will be removed soon while kdebase-runtime is added via shlibs as needed.

 -- Modestas Vainius <modax@debian.org>  Wed, 30 Mar 2011 18:59:12 +0300

quassel (0.7.1-1) unstable; urgency=low

  * New upstream release

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Tue, 21 Sep 2010 19:59:07 +0200

quassel (0.7.0-1) unstable; urgency=low

  * New upstream release

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Sat, 18 Sep 2010 19:19:40 +0200 
 
quassel (0.6.1-2) unstable; urgency=low

  * add dependency to gawk (closes: #592455)
  * remove manageusers.py (closes: #590644)
  * man pages updated (closes: #590643)
  * dump Debian Policy to 3.9.1

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Sun, 15 Aug 2010 23:11:16 +0200

quassel (0.6.1-1) unstable; urgency=low

  * New upstream release
  * Switch to dpkg-source 3.0 (quilt) format
  * desktop notification have been reimplemented (closes: #562974)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Wed, 21 Apr 2010 20:11:17 +0200

quassel (0.5.2-3) unstable; urgency=low

  * missing name changes quassel-core - in init and default

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 18 Feb 2010 17:12:06 +0100

quassel (0.5.2-2) unstable; urgency=low

  * Re-include init script into (closes: #569942)
  * Fixing lintian error init.d-script-missing-dependency-on-remote_fs

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 18 Feb 2010 17:11:18 +0100

quassel (0.5.2-1) unstable; urgency=low

  * New upstream release (closes: #556309)
  * Fixing minor lintian warnings:
    - copyright-with-old-dh-make-debian-copyright
    - duplicate-long-description
    - quilt-patch-missing-description
  * package descriptions have been reviewed by debian-i10n-english
  * fixing dependencies - thanks to puiparts:
    - quassel-client: phonon
    - quassel: phonon
    - quassel-kde4: kdebase-runtime, kdelibs5
    - quassel-client-kde4: kdebase-runtime, kdelibs5

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Mon, 01 Feb 2010 23:41:05 +0100

quassel (0.5.1-3) unstable; urgency=low

  * Conflict dependency added between quassel-data and quassel-data-
    kde4(closes: #566097)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 21 Jan 2010 20:36:09 +0100

quassel (0.5.1-2) unstable; urgency=low

  * KDE4 support enabled (closes: #561795)
    - package quassel-kde4 (monolithic client with KDE) has been added
    - package quassel-client-kde4 (client with KDE) has been added
    - package quassel-data-kde4 (data files) has been added
    
  * switch from cdbs to debhelper - basic idea taken from the ubuntu package
    thanks guys
  * quilt is used as patch system now

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 11 Jan 2010 12:52:45 +0100
 
quassel (0.5.1-1) unstable; urgency=low

  * New upstream release
  * dbus-x11 dependency moved to quasselclient & quassel (closes: #552061)
  * remove deprecated usage of argument -datadir (closes: #552373)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Sun, 22 Nov 2009 23:44:04 +0100

quassel (0.5.0-1) unstable; urgency=low

  * New upstream release

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 22 Oct 2009 22:19:05 +0200

quassel (0.5.0~rc2-1) experimental; urgency=low

  * New upstream release (rc2)
  * Make puiparts happy (closes: #538182)
  * manageusers.py added (closes: #549296)

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Mon, 05 Oct 2009 23:13:06 +0200

quassel (0.4.2-1) unstable; urgency=low

  * New upstream release
  * watch file looks to the *.tar.bz2 directly
    no longer scanning the html page

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Thu, 28 May 2009 21:42:24 +0200

quassel (0.4.1-1) unstable; urgency=low

  * New upstream release

 -- Thomas Mueller <thomas.mueller@tmit.eu>  Sun, 29 Mar 2009 12:51:42 +0200

quassel (0.4.0-1) unstable; urgency=low

  * New upstream release
  * repackaging no longer necessary, because svgz of oxygen icons have been
    added to the source tarball:
    - debian/repack.sh removed
    - debian/README.source removed
    - debian/watch adjusted
    - debian/rules: get-orig-source removed
  * debian/copyright updated: license for oxygen icons added
  * debian/quassel-core.logrotate added
  * debian/patcher/01_default_network_channel.patch added

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Wed, 18 Feb 2009 22:14:23 +0100

quassel (0.3.1+dfsg-3) unstable; urgency=low

  * fixing bug on upgrade (closes: #513677)
  * 'set -e' removed from ini script
  * cleanup in quassel-core.postrm

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Wed, 11 Feb 2009 21:14:33 +0100

quassel (0.3.1+dfsg-2) unstable; urgency=low

  * init script added (closes: #513677)
  * user and group for the daemon added (closes: #513677)
  * ssl certificate has been added (closes: #511169) 
    All scripts are based on the ubuntu package
    thanks to Harald Sitter <apachelogger@ubuntu.com>
  * Version in manpages have been adjusted.

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Mon, 10 Feb 2009 23:13:25 +0100

quassel (0.3.1+dfsg-1) unstable; urgency=low

  * New upstream release
  * upstream update to 0.3.0.3 (closes: #498283)
  * upstream update to 0.3.0.1 (closes: #498283)
  * watch file added - thx to Per Hausen
  * Downgrade quasselclient's dependency on quasselcore (closes: #503126)
    The packages quassel-client and quassel-core can be installed separately
    now.
    The package quassel is a dummy package, which installs client and core.
  * Additional package for the monolithic client.
  * Repackaging orig.tar.gz to remove the oxygen icons. They are no longer
    needed because we go for the locally installed oxygen icons of the package
    kde-icons-oxygen.
  * License for oxygen removed, because it is no longer part of the package.
  * debian/repack.sh added + bz2 handling
  * debian/README.source
  * debian/watch changed to handle repackaging
  * debian/patches removed - no need to patch anything at the moment
  * debian/control: dependeny libqt4-sql-sqlite added

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Tue, 08 Jan 2009 01:44:23 +0100

quassel (0.2~rc1-1) unstable; urgency=low

  * download link in copyright changed
  * manpage warnings removed
  * update to debian policy 3.8
  * upstream update to 0.2.0-rc1

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Mon, 07 Jul 2008 20:56:53 +0100

quassel (0.2~beta1-1) unstable; urgency=low

  * svg files for oxygen icons added src/icons/oxygen/scalable
  * upstream update to 0.2.0-beta1

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Mon, 02 Jun 2008 20:27:28 +0100

quassel (0.2~alpha5-1) unstable; urgency=low

  * svgz files for oxygen icons added src/icons/oxygen/scalable
  * upstream update to 0.2.0-alpha5

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Mon, 21 Apr 2008 22:20:18 +0100

quassel (0.2~alpha2-3) unstable; urgency=low

  * debian/copyright updated: license for oxygen icons added

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Mon, 24 Mar 2008 20:01:18 +0100

quassel (0.2~alpha2-2) unstable; urgency=low

  * debian/copyright updated

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Wed, 12 Mar 2008 21:48:12 +0100

quassel (0.2~alpha2-1) unstable; urgency=low

  * Debianized

 -- Thomas Mueller <thomas_mueller_ffb@online.de>  Sun, 02 Mar 2008 11:40:43 +0100

quassel (0.2~alpha2-0ubuntu1~hardy1~ppa1) hardy; urgency=low

  * Hardy PPA Build

 -- Harald Sitter <apachelogger@ubuntu.com>  Sat, 01 Mar 2008 21:05:03 +0100

quassel (0.2~alpha2-0ubuntu1) ibex; urgency=low

  * Initial release (LP: #195861)

 -- Harald Sitter <apachelogger@ubuntu.com>  Sat, 23 Feb 2008 14:22:06 +0100
