pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2021Q4]: pkgsrc/mail Pullup ticket #6575 - requested by taca



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a122fe6bd4d4
branches:  pkgsrc-2021Q4
changeset: 372773:a122fe6bd4d4
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Jan 30 17:00:59 2022 +0000

description:
Pullup ticket #6575 - requested by taca
mail/roundcube: security fix

Revisions pulled up:
- mail/roundcube-plugin-password/distinfo                       1.28
- mail/roundcube/Makefile.common                                1.26
- mail/roundcube/PLIST                                          1.50
- mail/roundcube/distinfo                                       1.79

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sat Jan 29 13:34:44 UTC 2022

   Modified Files:
        pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
        pkgsrc/mail/roundcube-plugin-password: distinfo

   Log Message:
   mail/roundcube: update to 1.5.2

   This update contains security fix.

   Roundcube Webmail 1.5.1 (2021-11-28)

   This is the first service release to update the new stable version 1.5.  It
   provides a bunch of small fixes and improvements after getting your feedback
   from the 1.5.0 release.  See the full changelog below.

   Important note for MySQL and MariaDB database backends

   The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody
   migrating an existing DB.  Hence here's an important notice from the
   UPGRADING instructions:

   If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:

        innodb_large_prefix=1
        innodb_file_per_table=1
        innodb_file_format=Barracuda

   This version is considered stable and we recommend to update all productive
   installations of Roundcube with it.  Please do backup your data before
   updating!

   CHANGELOG

   * Fix importing contacts with no email address (#8227)
   * Fix so session's search scope is not used if search is not active (#8199)
   * Fix some PHP8 warnings (#8239)
   * Fix so dark mode state is retained after closing the browser (#8237)
   * Fix bug where new messages were not added to the list on refresh if
     skip_deleted=true (#8234)
   * Fix colors on "Show source" page in dark mode (#8246)
   * Fix handling of dark_mode_support:false setting in skins meta.json - also
     when devel_mode=false (#8249)
   * Fix database initialization if db_prefix is a schema prefix (#8221)
   * Fix undefined constant error in Installer on Windows (#8258)
   * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
   * Fix regression in setting of contact listing name (#8260)
   * Fix bug in Larry skin where headers toggle state was reset on full page
     preview (#8203)
   * Fix bug where \u200b characters were added into the recipient input
     preventing mail delivery (#8269)
   * Fix charset conversion errors on PHP < 8 for charsets not supported by
     mbstring (#8252)
   * Fix bug where adding a contact to trusted senders via "Always allow
     from..." button didn't work (#8264, #8268)
   * Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
   * Fix PHP fatal error on an undefined constant in contacts import action
     (#8277)
   * Fix fetching headers of multiple message parts at once in
     rcube_imap_generic::fetchMIMEHeaders() (#8282)
   * Fix bug where attachment download could sometimes fail with a CSRF check
     error (#8283)
   * Fix an infinite loop when parsing environment variables with float/integer
     values (#8293)
   * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)

   Roundcube Webmail 1.5.2 (2021-12-30)

   This is the second service release to update the new stable version 1.5.  It
   provides a bunch of small fixes and improvements to the OAuth feature as
   well as a security fix to a recently reported XSS vulnerability.  See the
   full changelog below.

   Security fix

   * Cross-site scripting (XSS) via HTML messages with malicious CSS content

   This version is considered stable and we recommend to update all productive
   installations of Roundcube with it.  Please do backup your data before
   updating!

   CHANGELOG

   * OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
   * OAuth: fix expiration of short-lived oauth tokens (#8147)
   * OAuth: fix relative path to assets if /index.php/foo/bar url is used
     (#8144)
   * OAuth: no auto-redirect on imap login failures (#8370)
   * OAuth: refresh access token in 'refresh' plugin hook (#8224)
   * Fix so folder search parameters are honored by subscriptions_option plugin
     (#8312)
   * Fix password change with Directadmin driver (#8322, #8329)
   * Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
   * Fix handling of unicode/special characters in custom From input (#8357)
   * Fix some PHP8 compatibility issues (#8363)
   * Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
   * Fix scrolling and missing Close button in the Select image dialog in
     Elastic/mobile (#8367)
   * Security: fix cross-site scripting (XSS) via HTML messages with malicious
     CSS content

diffstat:

 mail/roundcube-plugin-password/distinfo |   8 ++++----
 mail/roundcube/Makefile.common          |   4 ++--
 mail/roundcube/PLIST                    |  15 ++++++++++++++-
 mail/roundcube/distinfo                 |   8 ++++----
 4 files changed, 24 insertions(+), 11 deletions(-)

diffs (139 lines):

diff -r 3e035ed30684 -r a122fe6bd4d4 mail/roundcube-plugin-password/distinfo
--- a/mail/roundcube-plugin-password/distinfo   Sun Jan 30 16:56:53 2022 +0000
+++ b/mail/roundcube-plugin-password/distinfo   Sun Jan 30 17:00:59 2022 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.27 2021/11/20 15:13:32 taca Exp $
+$NetBSD: distinfo,v 1.27.2.1 2022/01/30 17:00:59 bsiegert Exp $
 
-BLAKE2s (roundcubemail-1.5.0-complete.tar.gz) = 13dddfb9b1504d42610da5ca6a89f84f0230105e31457a9190a0e243a0d3e58e
-SHA512 (roundcubemail-1.5.0-complete.tar.gz) = cba32ee2b86864af9d9163d83fa49763267e3420bee59b86d47b889e1bc53871ed2ff5b2c1444778324f4b259e99752faa3b72f909a8f9c26c7af9c96ba08a54
-Size (roundcubemail-1.5.0-complete.tar.gz) = 7802014 bytes
+BLAKE2s (roundcubemail-1.5.2-complete.tar.gz) = 05c08cdcfd6473bda69ae29ec3f5a654101780b33dcf44c98331b9b978a66789
+SHA512 (roundcubemail-1.5.2-complete.tar.gz) = 96faa8c95c23b538ebfa91f58fb918b37185dbd1c09f2d128c9f8c800a0e3d6a2abbfa52753fb6a7ee47b633f35e2b31c92623107116dc760dfa9a22a4b2a23c
+Size (roundcubemail-1.5.2-complete.tar.gz) = 7852981 bytes
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165
diff -r 3e035ed30684 -r a122fe6bd4d4 mail/roundcube/Makefile.common
--- a/mail/roundcube/Makefile.common    Sun Jan 30 16:56:53 2022 +0000
+++ b/mail/roundcube/Makefile.common    Sun Jan 30 17:00:59 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.25 2021/11/20 15:13:32 taca Exp $
+# $NetBSD: Makefile.common,v 1.25.2.1 2022/01/30 17:01:00 bsiegert Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@
 GITHUB_RELEASE=        ${RC_VERS}
 HOMEPAGE=      https://roundcube.net/
 
-RC_VERS=       1.5.0
+RC_VERS=       1.5.2
 
 USE_LANGUAGES=         # none
 USE_TOOLS+=            pax
diff -r 3e035ed30684 -r a122fe6bd4d4 mail/roundcube/PLIST
--- a/mail/roundcube/PLIST      Sun Jan 30 16:56:53 2022 +0000
+++ b/mail/roundcube/PLIST      Sun Jan 30 17:00:59 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.49 2021/11/20 15:13:32 taca Exp $
+@comment $NetBSD: PLIST,v 1.49.2.1 2022/01/30 17:01:00 bsiegert Exp $
 share/doc/roundcube/CHANGELOG.md
 share/doc/roundcube/INSTALL
 share/doc/roundcube/LICENSE
@@ -493,6 +493,7 @@
 share/roundcube/plugins/emoticons/localization/it_IT.inc
 share/roundcube/plugins/emoticons/localization/ja_JP.inc
 share/roundcube/plugins/emoticons/localization/ko_KR.inc
+share/roundcube/plugins/emoticons/localization/ku_IQ.inc
 share/roundcube/plugins/emoticons/localization/lt_LT.inc
 share/roundcube/plugins/emoticons/localization/lv_LV.inc
 share/roundcube/plugins/emoticons/localization/mk_MK.inc
@@ -793,14 +794,17 @@
 share/roundcube/plugins/jqueryui/themes/classic/images/ui-icons_ffffff_256x240.png
 share/roundcube/plugins/jqueryui/themes/classic/jquery-ui.css
 share/roundcube/plugins/jqueryui/themes/classic/jquery-ui.css.diff
+share/roundcube/plugins/jqueryui/themes/classic/jquery-ui.min.css
 share/roundcube/plugins/jqueryui/themes/elastic/images/jquery.minicolors.png
 share/roundcube/plugins/jqueryui/themes/elastic/images/ui-icons-datepicker.png
 share/roundcube/plugins/jqueryui/themes/elastic/images/ui-icons_444444_256x240.png
 share/roundcube/plugins/jqueryui/themes/elastic/images/ui-icons_777777_256x240.png
 share/roundcube/plugins/jqueryui/themes/elastic/jquery-ui.css
 share/roundcube/plugins/jqueryui/themes/elastic/jquery-ui.css.diff
+share/roundcube/plugins/jqueryui/themes/elastic/jquery-ui.min.css
 share/roundcube/plugins/jqueryui/themes/elastic/jquery.minicolors.css
 share/roundcube/plugins/jqueryui/themes/elastic/jquery.minicolors.css.diff
+share/roundcube/plugins/jqueryui/themes/elastic/jquery.minicolors.min.css
 share/roundcube/plugins/jqueryui/themes/larry/images/animated-overlay.gif
 share/roundcube/plugins/jqueryui/themes/larry/images/jquery.minicolors.png
 share/roundcube/plugins/jqueryui/themes/larry/images/ui-dialog-close.png
@@ -813,8 +817,11 @@
 share/roundcube/plugins/jqueryui/themes/larry/images/ui-icons_ffffff_256x240.png
 share/roundcube/plugins/jqueryui/themes/larry/jquery-ui.css
 share/roundcube/plugins/jqueryui/themes/larry/jquery-ui.css.diff
+share/roundcube/plugins/jqueryui/themes/larry/jquery-ui.min.css
 share/roundcube/plugins/jqueryui/themes/larry/jquery.minicolors.css
+share/roundcube/plugins/jqueryui/themes/larry/jquery.minicolors.min.css
 share/roundcube/plugins/jqueryui/themes/larry/tagedit.css
+share/roundcube/plugins/jqueryui/themes/larry/tagedit.min.css
 share/roundcube/plugins/krb_authentication/composer.json
 share/roundcube/plugins/krb_authentication/krb_authentication.php
 share/roundcube/plugins/managesieve/Changelog
@@ -985,6 +992,7 @@
 share/roundcube/plugins/markasjunk/localization/el_GR.inc
 share/roundcube/plugins/markasjunk/localization/en_GB.inc
 share/roundcube/plugins/markasjunk/localization/en_US.inc
+share/roundcube/plugins/markasjunk/localization/es_AR.inc
 share/roundcube/plugins/markasjunk/localization/es_ES.inc
 share/roundcube/plugins/markasjunk/localization/et_EE.inc
 share/roundcube/plugins/markasjunk/localization/eu_ES.inc
@@ -992,9 +1000,11 @@
 share/roundcube/plugins/markasjunk/localization/fr_FR.inc
 share/roundcube/plugins/markasjunk/localization/ga_IE.inc
 share/roundcube/plugins/markasjunk/localization/he_IL.inc
+share/roundcube/plugins/markasjunk/localization/hr_HR.inc
 share/roundcube/plugins/markasjunk/localization/hu_HU.inc
 share/roundcube/plugins/markasjunk/localization/id_ID.inc
 share/roundcube/plugins/markasjunk/localization/is_IS.inc
+share/roundcube/plugins/markasjunk/localization/it_IT.inc
 share/roundcube/plugins/markasjunk/localization/ja_JP.inc
 share/roundcube/plugins/markasjunk/localization/ko_KR.inc
 share/roundcube/plugins/markasjunk/localization/lt_LT.inc
@@ -1799,6 +1809,7 @@
 share/roundcube/program/localization/de_CH/csv2vcard.inc
 share/roundcube/program/localization/de_CH/labels.inc
 share/roundcube/program/localization/de_CH/messages.inc
+share/roundcube/program/localization/de_CH/timezones.inc
 share/roundcube/program/localization/de_DE/csv2vcard.inc
 share/roundcube/program/localization/de_DE/labels.inc
 share/roundcube/program/localization/de_DE/messages.inc
@@ -1822,6 +1833,7 @@
 share/roundcube/program/localization/es_419/timezones.inc
 share/roundcube/program/localization/es_AR/labels.inc
 share/roundcube/program/localization/es_AR/messages.inc
+share/roundcube/program/localization/es_AR/timezones.inc
 share/roundcube/program/localization/es_ES/csv2vcard.inc
 share/roundcube/program/localization/es_ES/labels.inc
 share/roundcube/program/localization/es_ES/messages.inc
@@ -1894,6 +1906,7 @@
 share/roundcube/program/localization/ku/messages.inc
 share/roundcube/program/localization/ku_IQ/labels.inc
 share/roundcube/program/localization/ku_IQ/messages.inc
+share/roundcube/program/localization/ku_IQ/timezones.inc
 share/roundcube/program/localization/lb_LU/labels.inc
 share/roundcube/program/localization/lb_LU/messages.inc
 share/roundcube/program/localization/lb_LU/timezones.inc
diff -r 3e035ed30684 -r a122fe6bd4d4 mail/roundcube/distinfo
--- a/mail/roundcube/distinfo   Sun Jan 30 16:56:53 2022 +0000
+++ b/mail/roundcube/distinfo   Sun Jan 30 17:00:59 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.78 2021/11/20 15:13:32 taca Exp $
+$NetBSD: distinfo,v 1.78.2.1 2022/01/30 17:01:00 bsiegert Exp $
 
-BLAKE2s (roundcubemail-1.5.0-complete.tar.gz) = 13dddfb9b1504d42610da5ca6a89f84f0230105e31457a9190a0e243a0d3e58e
-SHA512 (roundcubemail-1.5.0-complete.tar.gz) = cba32ee2b86864af9d9163d83fa49763267e3420bee59b86d47b889e1bc53871ed2ff5b2c1444778324f4b259e99752faa3b72f909a8f9c26c7af9c96ba08a54
-Size (roundcubemail-1.5.0-complete.tar.gz) = 7802014 bytes
+BLAKE2s (roundcubemail-1.5.2-complete.tar.gz) = 05c08cdcfd6473bda69ae29ec3f5a654101780b33dcf44c98331b9b978a66789
+SHA512 (roundcubemail-1.5.2-complete.tar.gz) = 96faa8c95c23b538ebfa91f58fb918b37185dbd1c09f2d128c9f8c800a0e3d6a2abbfa52753fb6a7ee47b633f35e2b31c92623107116dc760dfa9a22a4b2a23c
+Size (roundcubemail-1.5.2-complete.tar.gz) = 7852981 bytes
 SHA1 (patch-af) = 7f29b0310a2a6b2e71858787e08b025e30d8bd12
 SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
 SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = b1e9479d575b7fd61c413e2b76ee36c06ece7a5c



Home | Main Index | Thread Index | Old Index