pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2024Q1] pkgsrc/mail
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Jun 23 16:12:08 UTC 2024
Modified Files:
pkgsrc/mail/roundcube [pkgsrc-2024Q1]: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-password [pkgsrc-2024Q1]: distinfo
Log Message:
Pullup ticket #6864 - requested by taca
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.37
- mail/roundcube/Makefile.common 1.35
- mail/roundcube/PLIST 1.57
- mail/roundcube/distinfo 1.89
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 22 13:15:59 UTC 2024
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.6.7
1.6.7 (2024-05-19)
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerabilities:
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes.
* Reported by Valentin T. and Lutz Wolf of CrowdStrike.
* Fix cross-site scripting (XSS) vulnerability in handling list columns from
user preferences.
* Reported by Huy Nguyễn Phạm Nhật.
* Fix command injection via crafted im_convert_path/im_identify_path on Windows.
* Reported by Huy Nguyễn Phạm Nhật.
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!
CHANGELOG
* Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
* Fix bug where HTML entities in URLs were not decoded on HTML to plain text
conversion (#9312)
* Fix bug in collapsing/expanding folders with some special characters in
names (#9324)
* Fix PHP8 warnings (#9363, #9365, #9429)
* Fix missing field labels in CSV import, for some locales (#9393)
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes
* Fix cross-site scripting (XSS) vulnerability in handling list columns from
user preferences
* Fix command injection via crafted im_convert_path/im_identify_path on
Windows
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.34.2.1 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.56 -r1.56.2.1 pkgsrc/mail/roundcube/PLIST
cvs rdiff -u -r1.88 -r1.88.2.1 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.36 -r1.36.2.1 pkgsrc/mail/roundcube-plugin-password/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.34 pkgsrc/mail/roundcube/Makefile.common:1.34.2.1
--- pkgsrc/mail/roundcube/Makefile.common:1.34 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/Makefile.common Sun Jun 23 16:12:08 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.34 2024/01/28 02:58:22 taca Exp $
+# $NetBSD: Makefile.common,v 1.34.2.1 2024/06/23 16:12:08 bsiegert Exp $
#
# used by mail/roundcube/Makefile
# used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT= roundcubemail
GITHUB_RELEASE= ${RC_VERS}
HOMEPAGE= https://roundcube.net/
-RC_VERS= 1.6.6
+RC_VERS= 1.6.7
USE_LANGUAGES= # none
USE_TOOLS+= pax
Index: pkgsrc/mail/roundcube/PLIST
diff -u pkgsrc/mail/roundcube/PLIST:1.56 pkgsrc/mail/roundcube/PLIST:1.56.2.1
--- pkgsrc/mail/roundcube/PLIST:1.56 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/PLIST Sun Jun 23 16:12:08 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.56 2024/01/28 02:58:22 taca Exp $
+@comment $NetBSD: PLIST,v 1.56.2.1 2024/06/23 16:12:08 bsiegert Exp $
share/doc/roundcube/CHANGELOG.md
share/doc/roundcube/INSTALL
share/doc/roundcube/LICENSE
@@ -2316,7 +2316,6 @@ share/roundcube/vendor/pear/pear-core-mi
share/roundcube/vendor/pear/pear-core-minimal/composer.json
share/roundcube/vendor/pear/pear-core-minimal/src/OS/Guess.php
share/roundcube/vendor/pear/pear-core-minimal/src/PEAR.php
-share/roundcube/vendor/pear/pear-core-minimal/src/PEAR/Error.php
share/roundcube/vendor/pear/pear-core-minimal/src/PEAR/ErrorStack.php
share/roundcube/vendor/pear/pear-core-minimal/src/System.php
share/roundcube/vendor/pear/pear_exception/LICENSE
@@ -2356,12 +2355,15 @@ share/roundcube/vendor/ralouphie/getallh
share/roundcube/vendor/ralouphie/getallheaders/README.md
share/roundcube/vendor/ralouphie/getallheaders/composer.json
share/roundcube/vendor/ralouphie/getallheaders/src/getallheaders.php
+share/roundcube/vendor/roundcube/plugin-installer/.php-cs-fixer.dist.php
share/roundcube/vendor/roundcube/plugin-installer/README.md
share/roundcube/vendor/roundcube/plugin-installer/composer.json
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/ExtensionInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/PluginInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/RoundcubeInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/SkinInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/phpstan.neon.dist
+share/roundcube/vendor/roundcube/plugin-installer/src/ExtensionInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/PluginInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/RoundcubeInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/SkinInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/test-composer/composer.json
share/roundcube/vendor/roundcube/rtf-html-php/CHANGELOG.md
share/roundcube/vendor/roundcube/rtf-html-php/LICENSE
share/roundcube/vendor/roundcube/rtf-html-php/README.md
Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.88 pkgsrc/mail/roundcube/distinfo:1.88.2.1
--- pkgsrc/mail/roundcube/distinfo:1.88 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/distinfo Sun Jun 23 16:12:08 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.88 2024/01/28 02:58:22 taca Exp $
+$NetBSD: distinfo,v 1.88.2.1 2024/06/23 16:12:08 bsiegert Exp $
-BLAKE2s (roundcubemail-1.6.6-complete.tar.gz) = 54291659025734460d1cb15105dcdf45aac91a63b250497c6f7ccf3956377a26
-SHA512 (roundcubemail-1.6.6-complete.tar.gz) = e5d7b187c444c0aec231c41d8c4cc80c388d86cc5d6689d5183a61c8913749239c5efcad5725fbb97efcdcaf2dd0235cd6a827b3deb94065da42dbb03a9bca6b
-Size (roundcubemail-1.6.6-complete.tar.gz) = 5895753 bytes
+BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
+SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
+Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = bfefc6850d3db230dd4224491e895fe25a32e87a
Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.36 pkgsrc/mail/roundcube-plugin-password/distinfo:1.36.2.1
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.36 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube-plugin-password/distinfo Sun Jun 23 16:12:08 2024
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.36 2024/01/28 02:58:22 taca Exp $
+$NetBSD: distinfo,v 1.36.2.1 2024/06/23 16:12:08 bsiegert Exp $
-BLAKE2s (roundcubemail-1.6.6-complete.tar.gz) = 54291659025734460d1cb15105dcdf45aac91a63b250497c6f7ccf3956377a26
-SHA512 (roundcubemail-1.6.6-complete.tar.gz) = e5d7b187c444c0aec231c41d8c4cc80c388d86cc5d6689d5183a61c8913749239c5efcad5725fbb97efcdcaf2dd0235cd6a827b3deb94065da42dbb03a9bca6b
-Size (roundcubemail-1.6.6-complete.tar.gz) = 5895753 bytes
+BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
+SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
+Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165
Home |
Main Index |
Thread Index |
Old Index