horizon (2014.1.3-7+deb8u2) jessie-security; urgency=medium

  * CVE-2016-4428: Possible client side template injection in horizon. Applied
    upstream patch: "Escape angularjs templating in unsafe HTML" after rebasing
    it for Icehouse (Closes: #828967).

 -- Thomas Goirand <zigo@debian.org>  Wed, 29 Jun 2016 15:24:16 +0200

horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high

  * Fix CVE-2015-3219 with upstream patch (Closes: 788306).

 -- Thomas Goirand <zigo@debian.org>  Wed, 10 Jun 2015 16:18:34 +0200

horizon (2014.1.3-7) unstable; urgency=medium

  * Fix Moscow timezone check and avoid FTBFS (Closes: #775636).

 -- Thomas Goirand <zigo@debian.org>  Wed, 21 Jan 2015 14:03:26 +0000

horizon (2014.1.3-6) unstable; urgency=high

  * CVE-2014-8124: Horizon denial of service attack through login page. Applied
    upstrema patch (Closes: #772710).

 -- Thomas Goirand <zigo@debian.org>  Wed, 10 Dec 2014 19:41:02 +0800

horizon (2014.1.3-5) unstable; urgency=medium

  * Purge the /usr/share/openstack-dashboard/openstack_dashboard folder when
    purging openstack-dashboard (Closes: #769101).

 -- Thomas Goirand <zigo@debian.org>  Wed, 12 Nov 2014 05:24:26 +0800

horizon (2014.1.3-4) unstable; urgency=medium

  * Added Dutch debconf translations thanks to Frans Spiesschaert
    <Frans.Spiesschaert@yucom.be> (Closes: #766414).

 -- Thomas Goirand <zigo@debian.org>  Sat, 25 Oct 2014 16:12:13 +0800

horizon (2014.1.3-3) unstable; urgency=medium

  * Mangling upstream rc and beta versions in watch file.
  * Added patch to fix wrong WSGI application with Django 1.7.

 -- Thomas Goirand <zigo@debian.org>  Thu, 16 Oct 2014 16:43:58 +0000

horizon (2014.1.3-1) unstable; urgency=medium

  * New upstream release.
  * Removed patches applied upstream:
    - 0006_fix-TEMPLATE_DIRS-must-be-tuple.patch
    - 0007-Rename-add_error-methods-to-avoid-conflict-with-Djan.patch
    - 0010_Tentative-fix-for-a-test-suite-failure-after-the-las.patch
    - CVE_2014-3594_stable-icehouse.patch

 -- Thomas Goirand <zigo@debian.org>  Fri, 03 Oct 2014 21:19:01 +0800

horizon (2014.1.2-4) unstable; urgency=medium

  * Moves the libapache2-mod-wsgi (>= 2.3) dependency to
    openstack-dashboard-apache.
  * Disable test_update_project_when_default_role_does_not_exist() which is
    failing under Django 1.7 (Closes: #755651).

 -- Thomas Goirand <zigo@debian.org>  Tue, 16 Sep 2014 23:33:28 +0800

horizon (2014.1.2-3) unstable; urgency=high

  * CVE_2014-3594: Fix XSS issue with the unordered_list filter
    (Closes: #758930).
  * Added Build-Conflicts: python-webob

 -- Thomas Goirand <zigo@debian.org>  Sat, 23 Aug 2014 10:30:29 +0800

horizon (2014.1.2-2) unstable; urgency=medium

  * Used the new version of the summation patch.
  * Added build-conflicts: python-unittest2.

 -- Thomas Goirand <zigo@debian.org>  Wed, 13 Aug 2014 13:50:13 +0000

horizon (2014.1.2-1) unstable; urgency=medium

  * New upstream point release.
  * Removed CVE-2014-3473, CVE-2014-3474, CVE-2014-3475 patch, applied
    upstream.

 -- Thomas Goirand <zigo@debian.org>  Sun, 10 Aug 2014 22:57:13 +0800

horizon (2014.1.1-3) unstable; urgency=high

  * CVE-2014-3473, CVE-2014-3474, CVE-2014-3475: XSS vulnerability. Applied
    upstream provided patch from https://review.openstack.org/105477
    (Closes: 754255).

 -- Thomas Goirand <zigo@debian.org>  Wed, 09 Jul 2014 16:14:35 +0800

horizon (2014.1.1-2) unstable; urgency=medium

  * Updated de.po thanks to Chris Leick <c.leick@vollbio.de> (Closes: #751163).

 -- Thomas Goirand <zigo@debian.org>  Wed, 11 Jun 2014 12:24:13 +0800

horizon (2014.1.1-1) unstable; urgency=medium

  * New upstream release.
  * Removed Use_escapejs_filter_on_JavaScript_strings.patch applied upstream.
  * Now needs python-six >= 1.6.0.

 -- Thomas Goirand <zigo@debian.org>  Mon, 09 Jun 2014 23:16:43 +0800

horizon (2014.1-2) unstable; urgency=medium

  * Added Use_escapejs_filter_on_JavaScript_strings.patch.

 -- Thomas Goirand <zigo@debian.org>  Wed, 21 May 2014 08:42:42 +0800

horizon (2014.1-1) unstable; urgency=medium

  * New upstream release.
  * Uploading to unstable.

 -- Thomas Goirand <zigo@debian.org>  Wed, 09 Apr 2014 17:32:13 +0800

horizon (2014.1~rc1-1) experimental; urgency=low

  * New upstream release.
  * Reviewed (build-)depends for this release.
  * Refreshed fix-python-m-coverage.patch

 -- Thomas Goirand <zigo@debian.org>  Wed, 02 Apr 2014 18:24:26 +0800

horizon (2014.1~b3-2) experimental; urgency=low

  * Fixed MANIFEST.in which was missing the openstack_dashboard *.py.

 -- Thomas Goirand <zigo@debian.org>  Tue, 18 Mar 2014 00:44:21 +0800

horizon (2014.1~b3-1) experimental; urgency=low

  [ Gonéri Le Bouder ]
  * Compress the CSS and JS during the postinst (Closes: #739698)
   - Turns COMPRESS_OFFLINE to True since we now pre-compress the
    CSS and the JS
   - call "manage.py compress" in the post-inst script
  * avoid openstack-dashboard-apache.postinst failure if the default vhost
    has been removed.
  * Add myself in Uploaders
  * run horizon with the horizon user/group
  * Bump standard version, no change needed
  * Call debconf-updatepo to refresh the i18n template

  [ Thomas Goirand ]
  * New upstream release (Icehouse beta 3).
  * Removes CVE-2013-6858 patch applied upstream.
  * Refreshed patch.

 -- Thomas Goirand <zigo@debian.org>  Fri, 14 Mar 2014 11:34:49 +0000

horizon (2013.2-2) unstable; urgency=high

  * CVE-2013-6858: persistent XSS vulnerability. Applies upstream patch: Fix
    bug by escaping strings from Nova before displaying them (Closes: #730752).
  * Adds debconf translations updates, with warm thanks to:
    - French, Julien Patriarca <leatherface@debian.org> (Closes: #726711).
    - Italian, Beatrice Torracca <beatricet@libero.it> (Closes: #726829).
  * New debconf translations, with warm thanks to:
    - Portuguese, Américo Monteiro <a_monteiro@gmx.com> (Closes: #729911).

 -- Thomas Goirand <zigo@debian.org>  Wed, 04 Dec 2013 20:43:44 +0800

horizon (2013.2-1) unstable; urgency=low

  * New upstream release.
  * Uploading to unstable.

 -- Thomas Goirand <zigo@debian.org>  Fri, 18 Oct 2013 00:15:57 +0800

horizon (2013.2~rc3-1) experimental; urgency=low

  * New upstream pre-release.
  * Now running the upstream unit tests, and added a debian/source/options file
    with extend-diff-ignore = "[.]*.secret_key_store"

 -- Thomas Goirand <zigo@debian.org>  Thu, 17 Oct 2013 11:27:06 +0800

horizon (2013.2~rc2-1) experimental; urgency=low

  * New upstream pre-release.

 -- Thomas Goirand <zigo@debian.org>  Wed, 16 Oct 2013 23:17:44 +0800

horizon (2013.2~rc1-2) experimental; urgency=low

  * Now creates /var/lib/openstack-dashboard/secret-key in the postinst, and
    sets this path as default in /etc/openstack-dashbaord/local_settings.py,
    instead of the path in /usr/share (Closes: #726373).
  * Debconf translations updates:
    - Czech, thanks to Michal Šimůnek (Closes: #726124).
    - Danish, thanks to Joe Dalton (Closes: #725988).
    - Russian, thanks to Yuri Kozlov (Closes: #725878).
  * Added new debconf translation:
    - Swedish, thanks to Martin Bagge (Closes: #725101).

 -- Thomas Goirand <zigo@debian.org>  Sun, 13 Oct 2013 22:48:35 +0800

horizon (2013.2~rc1-1) experimental; urgency=low

  * New upstream release.
  * Lots of dependencies adjustments.

 -- Thomas Goirand <zigo@debian.org>  Tue, 08 Oct 2013 09:22:10 +0000

horizon (2013.1.3-2) unstable; urgency=low

  * Added new French debconf translation (Closes: #722421).

 -- Thomas Goirand <zigo@debian.org>  Wed, 25 Sep 2013 17:30:14 +0800

horizon (2013.1.3-1) unstable; urgency=low

  * New upstream point release.
  * Added a few Debconf translations:
    - japaneese, thanks to victory (Closes: #719723).
    - Danish, thanks to Joe Dalton (Closes: #720012).
    - Italian, thanks to Beatrice Torracca (Closes: #720644).
    - Czech, thanks to Michal Šimůnek (Closes: #721223).
    - Russian, thanks to Yuri Kozlov (Closes: #721306).

 -- Thomas Goirand <zigo@debian.org>  Fri, 30 Aug 2013 16:52:24 +0800

horizon (2013.1.2-4) unstable; urgency=low

  * Fixes prerm so that it uninstalls the correct .conf files for apache, since
    old apache vhost has been rename because of apache 2.4. Also remove the old
    ones as a transition, but using || true to avoid failure (Closes: #669836).

 -- Thomas Goirand <zigo@debian.org>  Fri, 19 Jul 2013 01:06:46 +0800

horizon (2013.1.2-3) unstable; urgency=low

  * Now works with Sid apache 2.4 (Closes: #669836).
  * Debconf and long description rewrite from the debian-l10n-english team: a
    big thanks to them (Closes: #709000).

 -- Thomas Goirand <zigo@debian.org>  Sun, 14 Jul 2013 06:13:46 +0000

horizon (2013.1.2-2) unstable; urgency=low

  * Added a /etc/default/openstack-dashboard-apache to save the values of
    debconf about setting-up the Apache vhosts.

 -- Thomas Goirand <zigo@debian.org>  Sat, 15 Jun 2013 02:45:58 +0800

horizon (2013.1.2-1) unstable; urgency=low

  * New upstream release.
  * Ran wrap-and-sort.
  * Also rm -rf /var/lib/horizon on purge (Closes: #668760).
  * Removed chown -R, does more selective chown instead.
  * Removes "a2ensite default" in postrm (Closes: #708632).

 -- Thomas Goirand <zigo@debian.org>  Thu, 30 May 2013 11:23:28 +0800

horizon (2013.1.1-2) unstable; urgency=low

  * Added missing symlink to /var for the css and js dynamic generation folder.

 -- Thomas Goirand <zigo@debian.org>  Tue, 21 May 2013 12:51:27 +0800

horizon (2013.1.1-1) unstable; urgency=low

  * Uploading to unstable.
  * New upstream release.
  * Removes the build of static CSS and JS, as they are done dynamically.
  * Cleans better the package now (rebuild twice should work).

 -- Thomas Goirand <zigo@debian.org>  Thu, 16 May 2013 14:14:58 +0000

horizon (2013.1-1) experimental; urgency=low

  * New upstream release.
  * Kills the COMPRESS_OFFLINE = True patch, no longer needed.

 -- Thomas Goirand <zigo@debian.org>  Mon, 28 Jan 2013 22:39:15 +0800

horizon (2012.2.1-1) experimental; urgency=low

  * New upstream release 2012.2.1
  * Recommends: memcached and use it as default on localhost.
  * Rewrote Apache vhost, diables apache "default" vhost by default, (probably
  we should ask for permission to do that using debconf).
  * Now writing css and js script in /var, plus we aren't doing chown www-data
  of all the static, but only css + js in /var.
  * Now asking using debconf if we should disable the default apache vhost,
  and activate the Dasboard, and if we should use SSL or not.
  * Added missing dependency on node-less.
  * The package had only Build-Depends:, now setting lots of them in
  Build-Depends-Indep: as it should be.
  * Using pkgos.make in debian/rules.

 -- Thomas Goirand <zigo@debian.org>  Sun, 02 Dec 2012 11:59:19 +0000

horizon (2012.2~rc1-1) experimental; urgency=low

  [ Mehdi Abaakouk ]
  * New upstream version
  * Remove CVE-2012-3540 fixed by upstream
  [ Thomas Goirand ]
  * Now using xz compression level 9 for the debs.

 -- Mehdi Abaakouk <sileht@sileht.net>  Mon, 10 Sep 2012 17:56:09 +0200

horizon (2012.1.1-5) unstable; urgency=low

  * Add the /static/horizon alias to the apache host definition. Without
    it the javascript files cannot be found and most of the dashboard
    functions are not working.

 -- Loic Dachary (OuoU) <loic@debian.org>  Tue, 04 Sep 2012 13:47:54 +0200

horizon (2012.1.1-4) unstable; urgency=high

  * CVE-2012-3540: added patch: Disallow login redirects to anywhere other than
  the same origin (Closes: #686050).

 -- Thomas Goirand <zigo@debian.org>  Tue, 28 Aug 2012 03:05:44 +0000

horizon (2012.1.1-3) unstable; urgency=low

  [ Thomas Goirand ]
  * Added missing (build-)dependencies (took what was in the Ubuntu package and
  which seems to be missing in Debian).
  * Fixed missing license in debian/copyright.
  * Added a get-vcs-source target in debian/rules.
  * Fixed debian/copyright header.

  [ Loic Dachary (OuoU) ]
  * Add compression = xz to debian/gbp.conf

 -- Thomas Goirand <zigo@debian.org>  Sun, 08 Jul 2012 18:05:14 +0000

horizon (2012.1.1-2) unstable; urgency=low

  * Add a /static alias to serve the static files. By default django is
    configured in debug mode and will serve the static files. However,
    when it is configured in production mode, it will no longer serve them
    and it is expected that apache will take care of it. (Closes: #679440).
  * Add Loic Dachary as Uploader

 -- Loic Dachary (OuoU) <loic@debian.org>  Fri, 29 Jun 2012 10:23:33 +0200

horizon (2012.1.1-1) unstable; urgency=low

  [ Julien Danjou ]
  * Remove useless dependency on openstackx
  * Fix clean target

  [ Mehdi Abaakouk ]
  * New upsteam release
  * Remove patches fixed upstream: CVE_2012-2094, CVE_2012-2144.
  * Add gbp configuration file
  * Clean horizon user home directory on purge. Closes: #668760
  * Add Mehdi Abaakouk as Uploader

 -- Julien Danjou <acid@debian.org>  Mon, 25 Jun 2012 13:13:35 +0200

horizon (2012.1-4) unstable; urgency=low

  * Fixed CVE_2012-2144. Closes: #671604

 -- Ghe Rivero <ghe.rivero@stackops.com>  Sat, 05 May 2012 12:02:08 +0200

horizon (2012.1-3) unstable; urgency=low

  * Fixed CVE_2012-2094

 -- Ghe Rivero <ghe.rivero@stackops.com>  Tue, 17 Apr 2012 19:38:18 +0200

horizon (2012.1-2) unstable; urgency=low

  * Make openstack-dashboard depends on the same version of
    python-django-horizon, otherwise it just fails to work most of the
    time, since upstream doesn't guarantee it'd work.

 -- Julien Danjou <acid@debian.org>  Mon, 16 Apr 2012 16:11:45 +0200

horizon (2012.1-1) unstable; urgency=low

  * New upstream release

 -- Ghe Rivero <ghe.rivero@stackops.com>  Mon, 09 Apr 2012 09:29:59 +0200

horizon (2012.1~rc2-1) unstable; urgency=low

  * New upstream release

 -- Ghe Rivero <ghe.rivero@stackops.com>  Wed, 04 Apr 2012 10:46:08 +0200

horizon (2012.1~rc1-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Tue, 20 Mar 2012 18:29:45 +0100

horizon (2012.1~e4-1) unstable; urgency=low

  * New upstream release

 -- Ghe Rivero <ghe@debian.org>  Fri, 02 Mar 2012 08:42:48 +0100

horizon (2012.1~e3-3) unstable; urgency=low

  * Added manage.py to openstack-dashboard pkg

 -- Ghe Rivero <ghe@debian.org>  Sun, 29 Jan 2012 10:26:12 +0100

horizon (2012.1~e3-2) unstable; urgency=low

  *Fixed typo in libjs-jquery

 -- Ghe Rivero <ghe@debian.org>  Thu, 26 Jan 2012 16:40:21 +0100

horizon (2012.1~e3-1) unstable; urgency=low

  * New upstream release

 -- Ghe Rivero <ghe@debian.org>  Thu, 26 Jan 2012 14:37:30 +0100

horizon (2012.1~e2-2) unstable; urgency=low

  * Rebuild to not depends on python-openstack-compute

 -- Julien Danjou <acid@debian.org>  Mon, 19 Dec 2011 09:43:45 +0100

horizon (2012.1~e2-1) unstable; urgency=low

  * New upstream release

 -- Julien Danjou <acid@debian.org>  Fri, 16 Dec 2011 10:16:19 +0100

horizon (2012.1~e1-1) unstable; urgency=low

  * Initial release (Closes: #649897, #649994)

 -- Julien Danjou <acid@debian.org>  Fri, 25 Nov 2011 11:30:34 +0100
