--- - branch: MAIN date: Wed May 16 08:14:41 UTC 2018 files: - new: '1.89' old: '1.88' path: pkgsrc/mail/roundcube/Makefile pathrev: pkgsrc/mail/roundcube/Makefile@1.89 type: modified - new: '1.10' old: '1.9' path: pkgsrc/mail/roundcube/Makefile.common pathrev: pkgsrc/mail/roundcube/Makefile.common@1.10 type: modified - new: '1.45' old: '1.44' path: pkgsrc/mail/roundcube/PLIST pathrev: pkgsrc/mail/roundcube/PLIST@1.45 type: modified - new: '1.61' old: '1.60' path: pkgsrc/mail/roundcube/distinfo pathrev: pkgsrc/mail/roundcube/distinfo@1.61 type: modified - new: '1.16' old: '1.15' path: pkgsrc/mail/roundcube/options.mk pathrev: pkgsrc/mail/roundcube/options.mk@1.16 type: modified - new: '1.2' old: '1.1' path: pkgsrc/mail/roundcube/files/apache.conf pathrev: pkgsrc/mail/roundcube/files/apache.conf@1.2 type: modified - new: '1.2' old: '1.1' path: pkgsrc/mail/roundcube/files/nginx.conf pathrev: pkgsrc/mail/roundcube/files/nginx.conf@1.2 type: modified - new: '1.1' old: '0' path: pkgsrc/mail/roundcube/files/lighttpd.conf pathrev: pkgsrc/mail/roundcube/files/lighttpd.conf@1.1 type: added - new: '0' old: '1.10' path: pkgsrc/mail/roundcube/patches/patch-ac pathrev: pkgsrc/mail/roundcube/patches/patch-ac@0 type: deleted - new: '1.3' old: '1.2' path: pkgsrc/mail/roundcube/patches/patch-rcube_mime_default pathrev: pkgsrc/mail/roundcube/patches/patch-rcube_mime_default@1.3 type: modified id: 20180516T081441Z.0275a8f3ddf3b2393c7d4b8f928c43478b198745 log: | roundcube: update to 1.3.6 * add JavaScript dependencies listed in jsdeps.json * put them on /pub/pkgsrc/distfiles/roundcube to avoid checksum error due to archive automatic generation (e.g. tinymce_languages.zip) * remove patch-ac * add example configuration fragment for www/lighttpd CHANGELOG Roundcube Webmail =========================== RELEASE 1.3.6 ------------- - Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) - Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234) - Fix possible IMAP command injection and type juggling vulnerabilities (#6229) - Enigma: Fix key selection for signing - Enigma: Enable keypair generation on Internet Explorer 11 - Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) - Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) RELEASE 1.3.5 ------------- - Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) - Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154) - Fix duplicated labels in Test SMTP Config section (#6166) - Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) - Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149) - Fix security issue in remote content blocking on HTML image and style tags (#6178) - Added 9pt and 11pt to the list of font sizes in HTML editor - Fix handling encoding of HTML tags in "inline" JSON output (#6207) - Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) RELEASE 1.3.4 ------------- - Fix bug where contacts search could skip some records (#6130) - Fix possible information leak - add more strict sql error check on user creation (#6125) - Fix a couple of warnings on PHP 7.2 (#6098) - Fix broken long filenames when using imap4d server - workaround server bug (#6048) - Fix so temp_dir misconfiguration prints an error to the log (#6045) - Fix untagged COPYUID responses handling - again (#5982) - Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) - Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true - Fix performance issue when parsing malformed and long Date header (#6087) - Fix syntax error in mssql.initial.sql (#6097) - Fix bug where contacts export by selection returned no more than 10 entries (#6103) - Fix searching contacts by address in LDAP source (#6084) - Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057) RELEASE 1.3.3 ------------- - Fix decoding of mailto: links with + character in HTML messages (#6020) - Fix false reporting of failed upgrade in installto.sh (#6019) - Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026) - Fix mangled non-ASCII characters in links in HTML messages (#6028) RELEASE 1.3.2 ------------- - Improve detection for Egde browser and add pointer event support (#5922) - Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933) - Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940) - Fix invalid template loading on a message error in preview frame (#5941) - Fix bug where HTML messages could have been rendered empty on some systems (#5957) - Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952) - Enigma: Fix decryption of messages encoded with non-ascii charset (#5962) - Fix missing cursor in HTML editor on mail reply (#5969) - Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) - Fix bug where mail search could return empty result on servers without SORT capability (#5973) - Fix bug where assets_path wasn't added to some watermark frames - Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982) - Fix issue caused by non-default session.cookie_lifetime setting (#5961) - Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885) - Fix handling of unknown Content-Disposition type (#6002) - Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004) - Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007) - Fix bug where ghost messages could be added to the list after fast delete (#5941) RELEASE 1.3.1 ------------- - Don't ignore (global) userlogins/sendmail logs in per_user_logging mode - Add Preferences > Mailbox View > Main Options > Layout (#5829) - Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820) - Managesieve: Fix parsing dot-staffed lines in multiline text (#5838) - Managesieve: Fix AM/PM suffix in vacation time selectors - Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899) - Remove non-printable characters from filenames on download/display (#5880) - Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799) - Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) - Fix bug where HTML messages with @media styles could moddify style of page body (#5811) - Fix style issue on selected and unfocused message that is part of a thread (#5798) - Fix bug where a.button style from managesieve plugin could impact other elements (#5800) - Fix position of selected icon for (Mailvelope) Encrypt button - Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808) - Fix bug where errors were not printed when using bin/update.sh (#5834) - Fix PHP 7.2 warnings on count() use (#5845) - Fix bug where Chrome could not upload the same file that was selected before (#5854) - Fix duplicate messages on the list after deleting messages on the next to the last page (#5862) - Fix bug where messages count was not updated after delete when imap_cache is set (#5872) - Fix potential XSS vulnerability with malformed HTML message markup - Fix sending message with "Too many public recipients" dialog buttons (#5924) - Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823) - Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914) RELEASE 1.3.0 ------------- - Update to TinyMCE 4.5.7 - Fix bug where invalid recipients could be silently discarded (#5739) - Fix conflict with _gid cookie of Google Analytics (#5748) - Print error from CLI scripts when system/exec function is disabled (#5744) - Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) - Fix bug where it wasn't possible to scroll folders list in Edge (#5750) - Fix folders list sorting on Windows - if php-intl is available (#5732) - Fix addressbook searching by gender (#5757) - Fix prevention from using % and * characters in folder name (#5762) - Fix POST parameter reflection in default_charset selector (#5768) - Enigma: Fix compatibility with assets_dir - Managesieve: Skip redundant LISTSCRIPTS command - Fix SQL syntax error on MariaDB 10.2 (#5774) - Fix bug where zipdownload ignored files with the same name (#5777) - Fix bug where it wasn't possible to set timezone to auto-detected value (#5782) RELEASE 1.3-rc -------------- - "Flattened" the larry theme: fresher look by removing shadows and gradients - Support logging to php://stdout (#5721) - Add support for DelSp=Yes in format=flowed messages (#5702) - Update to jQuery 3.2.1 - Update to TinyMCE 4.5.6 - Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678) - Enigma: Always use detached signatures (#5624) - Enigma: Fix handling of messages with nested PGP encrypted parts (#5634) - Minimize unwanted message loading in preview frame on drag (#5616) - Fix failing database schema check in all engines except mysql (#5730) - Fix autocomplete popup closing with click outside the input, don't handle Tab key as Enter (#5606) - Fix jsdeps.json synchronization on update, warn about missing requirements of install-jsdeps.sh (#5598) - Fix missing thread expand icon on search result in widescreen mode (#5613) - Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) - Fix bug where external content in src attribute of input/video tags was not secured (#5583) - Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587) - Fix bug where mail content frame couldn't be reset in some corner cases (#5608) - Fix bug where some classic skin images were not displayed in IE/Edge (#5614) - Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628) - Fix regression where groups with email address were resolved to its members' addresses - Fix update of group name in the contacts list header on group rename (#5648) - Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630) - Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655) - Managesieve: Fix parser issue with empty lines between comments (#5657) - Managesieve: Fix possible defect in handling \r\n in scripts (#5685) - Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610) - Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820] - Fix bug where settings/upload.inc could not be used by plugins (#5694) - Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713) - Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) - Fix undesired effects when postgres database uses different timezone than PHP host (#5708) - Installer: Fix DB schema initialization on MS SQL Server - Fix bug where base_dn setting was ignored inside group_filters (#5720) - Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114] RELEASE 1.3-beta ---------------- - Nicely handle contact deletion on contact edit (#5522) - vcard_attachments: Add possibility to attach contact vCard to composed message (#4997) - Preserve message internal/received date on import in mbox format (#5559) - Zipdownload: Fix date format in mbox "From line" - Possibility to display QR code for contacts data (#5030) - Added identicon plugin - Widescreen layout aka three column view (#5093) - Unify automatic marking as \Seen in preview pane, full-page and extwin views (#5071) - Disable double-click on the list when preview pane is on (#5199) - Support hostname and hostname:port in force_https option (#5511) - Support ALLOW-FROM in x_frame_options (#5122) - Allow to omit a subject when sending an email (#5068) - Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132) - identity_select: Support Received header (#5085) - Plugin API: Added get_compose_responses hook (#5457) - Display error when trying to upload more files than specified in max_file_uploads (#5483) - Add missing sql upgrade file for 'ip' column resize in session table (#5465) - Do not show inline images of unsupported mimetype (#5463) - Password: Added replacement variables support in password_pop_host (#5539) - Password: Don't store passwords in temp files when using dovecotpw (#5531) - Password: Added LDAP PPolicy driver (#5364) - Password: Added cpanel_webmail driver (#5549) - Password: Added possibility to nicely redirect from other plugins on password expiration (#5468) - Implement separate action to mark all messages in a folder as \Seen (#5006) - Implement marking as \Seen in all folders or in a folder and its subfolders (#5076) - Archive: Don't reload messages list when it's not needed (#5225) - Archive: Add option to automatically mark archived messages as \Seen (#5142) - Improve randomness of password salts and random hashes (#5266) - Password/cPanel: Add support for hash authentication and reseller accounts (#5252) - Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136) - Center and scale images in attachment preview frame (#5421) - Added max_message_size option enforced when attaching files to a composed message (#4993) - Added Search button in quick search menus (#5312) - Implement "one click" attachment/messages/photo upload (#5024) - Squirrelmail_usercopy: Add option to define character set of data files - Removed useless 'created' column from 'session' table (#5389) - Dropped legacy browsers support (#5167) - Removed legacy_browser plugin - Removed hacks for IE < 10 - Update to jQuery 3.1.1 and jQuery-UI 1.12.0 - compile .min.js files with ECMASCRIPT5 option - Require PHP >= 5.4 - Add possibility to preview and download attachments in mail compose (#5053) - Add possibility to rename attachments in mail compose (#4996) - Remove backward compatibility "layer" of bc.php (#4902) - Support WEBP images in mail messages (#5362) - Support MathML in HTML message preview (#5182) - Rename Addressbook to Contacts (#5233) - Remove PHP mail() support, smtp_server is required now (#5340) - Display full message subject in onmouseover on truncated subject in mail view (#5346) - Enigma: Support GnuPG 2.1 (#5313) - Enigma: Support key generation for multiple identities (#5383) - Enigma: Import keys from key-server(s) (#5286) - Enigma: Search missing public keys on a key-server in mail compose (#5286) - Enigma: Delete user keys when using deluser.sh script - Enigma: Fix redundant list-secret-keys/list-public-keys calls on signing/encryption - Enigma: Implement PGP encryption and signing in one go (#5302) - Enigma: Display signature verification status for encrypted+signed messages (#5302) - Display different attachment icon on encrypted messages - Display different confirmation text when moving messages to Trash (#5220) - Indicate that a collapsed thread has flagged children (#5013) - Implemented message/rfc822 attachment preview - Update to jsTimezoneDetect 1.0.6 - Managesieve: Add (optional) RAW script editor (#5414) - Managesieve: Add option to automatically set vacation :from address (#5428) - Managesieve: Support 'string' test from variables extension [RFC 5229] (#5248) - Managesieve: Support 'duplicate' extension [RFC 7352] - Managesieve: Unhide advanced rule controls if there are inputs with errors - Managesieve: Display warning message when filter form contains errors - Control search engine crawlers via X-Robots-Tag header instead of and robots.txt (#5098) - Fixed redundancy in sql caching system and compatibility with Galera Cluster (#5439) - Removed redundant 'created' column from cache and cache_shared tables - Removed use of redundant data records - Added missing primary keys (dictionary, cache, cache_shared tables) - Fix so templating system does not mess with external (e.g. email) content (#5499) - Fix redundant keep-alive/refresh after session error on compose page (#5500) - Managesieve: Fix handling of scripts with nested rules (#5540) - Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544) - Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555) - Fix adding images to new identity signatures - Fix rsync error handling in installto.sh script (#5562) - Fix some advanced search issues with multiple addressbooks (#5572) - Fix so group/addressbook selection is retained on page refresh module: pkgsrc subject: 'CVS commit: pkgsrc/mail/roundcube' unixtime: '1526458481' user: triaxx