Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 373FA1A923D
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Sat, 29 Jan 2022 13:34:48 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id 3942684EA9; Sat, 29 Jan 2022 13:34:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 7175984D04
	for <pkgsrc-changes@NetBSD.org>; Sat, 29 Jan 2022 13:34:46 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id pH1FuTbI_b_4 for <pkgsrc-changes@netbsd.org>;
	Sat, 29 Jan 2022 13:34:45 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id 0773A84CEA
	for <pkgsrc-changes@NetBSD.org>; Sat, 29 Jan 2022 13:34:45 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id EAA65FB24; Sat, 29 Jan 2022 13:34:44 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1643463284186270"
MIME-Version: 1.0
Date: Sat, 29 Jan 2022 13:34:44 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/mail
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20220129133444.EAA65FB24@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1643463284186270
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	taca
Date:		Sat Jan 29 13:34:44 UTC 2022

Modified Files:
	pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
	pkgsrc/mail/roundcube-plugin-password: distinfo

Log Message:
mail/roundcube: update to 1.5.2

This update contains security fix.

Roundcube Webmail 1.5.1 (2021-11-28)

This is the first service release to update the new stable version 1.5.  It
provides a bunch of small fixes and improvements after getting your feedback
from the 1.5.0 release.  See the full changelog below.

Important note for MySQL and MariaDB database backends

The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody
migrating an existing DB.  Hence here's an important notice from the
UPGRADING instructions:

If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:

	innodb_large_prefix=1
	innodb_file_per_table=1
	innodb_file_format=Barracuda

This version is considered stable and we recommend to update all productive
installations of Roundcube with it.  Please do backup your data before
updating!

CHANGELOG

* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if
  skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json - also
  when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page
  preview (#8203)
* Fix bug where \u200b characters were added into the recipient input
  preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by
  mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow
  from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
* Fix PHP fatal error on an undefined constant in contacts import action
  (#8277)
* Fix fetching headers of multiple message parts at once in
  rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check
  error (#8283)
* Fix an infinite loop when parsing environment variables with float/integer
  values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)

Roundcube Webmail 1.5.2 (2021-12-30)

This is the second service release to update the new stable version 1.5.  It
provides a bunch of small fixes and improvements to the OAuth feature as
well as a security fix to a recently reported XSS vulnerability.  See the
full changelog below.

Security fix

* Cross-site scripting (XSS) via HTML messages with malicious CSS content

This version is considered stable and we recommend to update all productive
installations of Roundcube with it.  Please do backup your data before
updating!

CHANGELOG

* OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
* OAuth: fix expiration of short-lived oauth tokens (#8147)
* OAuth: fix relative path to assets if /index.php/foo/bar url is used
  (#8144)
* OAuth: no auto-redirect on imap login failures (#8370)
* OAuth: refresh access token in 'refresh' plugin hook (#8224)
* Fix so folder search parameters are honored by subscriptions_option plugin
  (#8312)
* Fix password change with Directadmin driver (#8322, #8329)
* Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
* Fix handling of unicode/special characters in custom From input (#8357)
* Fix some PHP8 compatibility issues (#8363)
* Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
* Fix scrolling and missing Close button in the Select image dialog in
  Elastic/mobile (#8367)
* Security: fix cross-site scripting (XSS) via HTML messages with malicious
  CSS content


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.49 -r1.50 pkgsrc/mail/roundcube/PLIST
cvs rdiff -u -r1.78 -r1.79 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.27 -r1.28 pkgsrc/mail/roundcube-plugin-password/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1643463284186270
Content-Disposition: inline
Content-Length: 8864
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.25 pkgsrc/mail/roundcube/Makefile.common:1.26
--- pkgsrc/mail/roundcube/Makefile.common:1.25	Sat Nov 20 15:13:32 2021
+++ pkgsrc/mail/roundcube/Makefile.common	Sat Jan 29 13:34:44 2022
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.25 2021/11/20 15:13:32 taca Exp $
+# $NetBSD: Makefile.common,v 1.26 2022/01/29 13:34:44 taca Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT=	roundcubemail
 GITHUB_RELEASE=	${RC_VERS}
 HOMEPAGE=	https://roundcube.net/
 
-RC_VERS=	1.5.0
+RC_VERS=	1.5.2
 
 USE_LANGUAGES=		# none
 USE_TOOLS+=		pax

Index: pkgsrc/mail/roundcube/PLIST
diff -u pkgsrc/mail/roundcube/PLIST:1.49 pkgsrc/mail/roundcube/PLIST:1.50
--- pkgsrc/mail/roundcube/PLIST:1.49	Sat Nov 20 15:13:32 2021
+++ pkgsrc/mail/roundcube/PLIST	Sat Jan 29 13:34:44 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.49 2021/11/20 15:13:32 taca Exp $
+@comment $NetBSD: PLIST,v 1.50 2022/01/29 13:34:44 taca Exp $
 share/doc/roundcube/CHANGELOG.md
 share/doc/roundcube/INSTALL
 share/doc/roundcube/LICENSE
@@ -493,6 +493,7 @@ share/roundcube/plugins/emoticons/locali
 share/roundcube/plugins/emoticons/localization/it_IT.inc
 share/roundcube/plugins/emoticons/localization/ja_JP.inc
 share/roundcube/plugins/emoticons/localization/ko_KR.inc
+share/roundcube/plugins/emoticons/localization/ku_IQ.inc
 share/roundcube/plugins/emoticons/localization/lt_LT.inc
 share/roundcube/plugins/emoticons/localization/lv_LV.inc
 share/roundcube/plugins/emoticons/localization/mk_MK.inc
@@ -793,14 +794,17 @@ share/roundcube/plugins/jqueryui/themes/
 share/roundcube/plugins/jqueryui/themes/classic/images/ui-icons_ffffff_256x240.png
 share/roundcube/plugins/jqueryui/themes/classic/jquery-ui.css
 share/roundcube/plugins/jqueryui/themes/classic/jquery-ui.css.diff
+share/roundcube/plugins/jqueryui/themes/classic/jquery-ui.min.css
 share/roundcube/plugins/jqueryui/themes/elastic/images/jquery.minicolors.png
 share/roundcube/plugins/jqueryui/themes/elastic/images/ui-icons-datepicker.png
 share/roundcube/plugins/jqueryui/themes/elastic/images/ui-icons_444444_256x240.png
 share/roundcube/plugins/jqueryui/themes/elastic/images/ui-icons_777777_256x240.png
 share/roundcube/plugins/jqueryui/themes/elastic/jquery-ui.css
 share/roundcube/plugins/jqueryui/themes/elastic/jquery-ui.css.diff
+share/roundcube/plugins/jqueryui/themes/elastic/jquery-ui.min.css
 share/roundcube/plugins/jqueryui/themes/elastic/jquery.minicolors.css
 share/roundcube/plugins/jqueryui/themes/elastic/jquery.minicolors.css.diff
+share/roundcube/plugins/jqueryui/themes/elastic/jquery.minicolors.min.css
 share/roundcube/plugins/jqueryui/themes/larry/images/animated-overlay.gif
 share/roundcube/plugins/jqueryui/themes/larry/images/jquery.minicolors.png
 share/roundcube/plugins/jqueryui/themes/larry/images/ui-dialog-close.png
@@ -813,8 +817,11 @@ share/roundcube/plugins/jqueryui/themes/
 share/roundcube/plugins/jqueryui/themes/larry/images/ui-icons_ffffff_256x240.png
 share/roundcube/plugins/jqueryui/themes/larry/jquery-ui.css
 share/roundcube/plugins/jqueryui/themes/larry/jquery-ui.css.diff
+share/roundcube/plugins/jqueryui/themes/larry/jquery-ui.min.css
 share/roundcube/plugins/jqueryui/themes/larry/jquery.minicolors.css
+share/roundcube/plugins/jqueryui/themes/larry/jquery.minicolors.min.css
 share/roundcube/plugins/jqueryui/themes/larry/tagedit.css
+share/roundcube/plugins/jqueryui/themes/larry/tagedit.min.css
 share/roundcube/plugins/krb_authentication/composer.json
 share/roundcube/plugins/krb_authentication/krb_authentication.php
 share/roundcube/plugins/managesieve/Changelog
@@ -985,6 +992,7 @@ share/roundcube/plugins/markasjunk/local
 share/roundcube/plugins/markasjunk/localization/el_GR.inc
 share/roundcube/plugins/markasjunk/localization/en_GB.inc
 share/roundcube/plugins/markasjunk/localization/en_US.inc
+share/roundcube/plugins/markasjunk/localization/es_AR.inc
 share/roundcube/plugins/markasjunk/localization/es_ES.inc
 share/roundcube/plugins/markasjunk/localization/et_EE.inc
 share/roundcube/plugins/markasjunk/localization/eu_ES.inc
@@ -992,9 +1000,11 @@ share/roundcube/plugins/markasjunk/local
 share/roundcube/plugins/markasjunk/localization/fr_FR.inc
 share/roundcube/plugins/markasjunk/localization/ga_IE.inc
 share/roundcube/plugins/markasjunk/localization/he_IL.inc
+share/roundcube/plugins/markasjunk/localization/hr_HR.inc
 share/roundcube/plugins/markasjunk/localization/hu_HU.inc
 share/roundcube/plugins/markasjunk/localization/id_ID.inc
 share/roundcube/plugins/markasjunk/localization/is_IS.inc
+share/roundcube/plugins/markasjunk/localization/it_IT.inc
 share/roundcube/plugins/markasjunk/localization/ja_JP.inc
 share/roundcube/plugins/markasjunk/localization/ko_KR.inc
 share/roundcube/plugins/markasjunk/localization/lt_LT.inc
@@ -1799,6 +1809,7 @@ share/roundcube/program/localization/da_
 share/roundcube/program/localization/de_CH/csv2vcard.inc
 share/roundcube/program/localization/de_CH/labels.inc
 share/roundcube/program/localization/de_CH/messages.inc
+share/roundcube/program/localization/de_CH/timezones.inc
 share/roundcube/program/localization/de_DE/csv2vcard.inc
 share/roundcube/program/localization/de_DE/labels.inc
 share/roundcube/program/localization/de_DE/messages.inc
@@ -1822,6 +1833,7 @@ share/roundcube/program/localization/es_
 share/roundcube/program/localization/es_419/timezones.inc
 share/roundcube/program/localization/es_AR/labels.inc
 share/roundcube/program/localization/es_AR/messages.inc
+share/roundcube/program/localization/es_AR/timezones.inc
 share/roundcube/program/localization/es_ES/csv2vcard.inc
 share/roundcube/program/localization/es_ES/labels.inc
 share/roundcube/program/localization/es_ES/messages.inc
@@ -1894,6 +1906,7 @@ share/roundcube/program/localization/ku/
 share/roundcube/program/localization/ku/messages.inc
 share/roundcube/program/localization/ku_IQ/labels.inc
 share/roundcube/program/localization/ku_IQ/messages.inc
+share/roundcube/program/localization/ku_IQ/timezones.inc
 share/roundcube/program/localization/lb_LU/labels.inc
 share/roundcube/program/localization/lb_LU/messages.inc
 share/roundcube/program/localization/lb_LU/timezones.inc

Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.78 pkgsrc/mail/roundcube/distinfo:1.79
--- pkgsrc/mail/roundcube/distinfo:1.78	Sat Nov 20 15:13:32 2021
+++ pkgsrc/mail/roundcube/distinfo	Sat Jan 29 13:34:44 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.78 2021/11/20 15:13:32 taca Exp $
+$NetBSD: distinfo,v 1.79 2022/01/29 13:34:44 taca Exp $
 
-BLAKE2s (roundcubemail-1.5.0-complete.tar.gz) = 13dddfb9b1504d42610da5ca6a89f84f0230105e31457a9190a0e243a0d3e58e
-SHA512 (roundcubemail-1.5.0-complete.tar.gz) = cba32ee2b86864af9d9163d83fa49763267e3420bee59b86d47b889e1bc53871ed2ff5b2c1444778324f4b259e99752faa3b72f909a8f9c26c7af9c96ba08a54
-Size (roundcubemail-1.5.0-complete.tar.gz) = 7802014 bytes
+BLAKE2s (roundcubemail-1.5.2-complete.tar.gz) = 05c08cdcfd6473bda69ae29ec3f5a654101780b33dcf44c98331b9b978a66789
+SHA512 (roundcubemail-1.5.2-complete.tar.gz) = 96faa8c95c23b538ebfa91f58fb918b37185dbd1c09f2d128c9f8c800a0e3d6a2abbfa52753fb6a7ee47b633f35e2b31c92623107116dc760dfa9a22a4b2a23c
+Size (roundcubemail-1.5.2-complete.tar.gz) = 7852981 bytes
 SHA1 (patch-af) = 7f29b0310a2a6b2e71858787e08b025e30d8bd12
 SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
 SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = b1e9479d575b7fd61c413e2b76ee36c06ece7a5c

Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.27 pkgsrc/mail/roundcube-plugin-password/distinfo:1.28
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.27	Sat Nov 20 15:13:32 2021
+++ pkgsrc/mail/roundcube-plugin-password/distinfo	Sat Jan 29 13:34:44 2022
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.27 2021/11/20 15:13:32 taca Exp $
+$NetBSD: distinfo,v 1.28 2022/01/29 13:34:44 taca Exp $
 
-BLAKE2s (roundcubemail-1.5.0-complete.tar.gz) = 13dddfb9b1504d42610da5ca6a89f84f0230105e31457a9190a0e243a0d3e58e
-SHA512 (roundcubemail-1.5.0-complete.tar.gz) = cba32ee2b86864af9d9163d83fa49763267e3420bee59b86d47b889e1bc53871ed2ff5b2c1444778324f4b259e99752faa3b72f909a8f9c26c7af9c96ba08a54
-Size (roundcubemail-1.5.0-complete.tar.gz) = 7802014 bytes
+BLAKE2s (roundcubemail-1.5.2-complete.tar.gz) = 05c08cdcfd6473bda69ae29ec3f5a654101780b33dcf44c98331b9b978a66789
+SHA512 (roundcubemail-1.5.2-complete.tar.gz) = 96faa8c95c23b538ebfa91f58fb918b37185dbd1c09f2d128c9f8c800a0e3d6a2abbfa52753fb6a7ee47b633f35e2b31c92623107116dc760dfa9a22a4b2a23c
+Size (roundcubemail-1.5.2-complete.tar.gz) = 7852981 bytes
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165


--_----------=_1643463284186270--