Update roundcube to 1.1.4 including security fixes.

* Fix a potential path traversal vulnerability.
* Add some measures against brute-force attacks.

RELEASE 1.1.4
-------------
- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
- Fix duplicate messages in list and wrong count after delete (#1490572)
- Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix mail view scaling on iOS (#1490551)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
- Fix redundant blank lines when using HTML and top posting (#1490576)
- Fix redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
- Fix invalid LDAP query in ACL user autocompletion (#1490591)
- Fix regression in displaying contents of message/rfc822 parts (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox > 19 (#1490610)
- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
diff -r1.77 -r1.78 pkgsrc/mail/roundcube/Makefile
(taca)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.77 2015/10/29 15:54:20 prlw1 Exp $ | 1 | # $NetBSD: Makefile,v 1.78 2015/12/26 14:24:48 taca Exp $ | |
2 | 2 | |||
3 | DISTNAME= roundcubemail-1.1.3 | 3 | DISTNAME= roundcubemail-1.1.4 | |
4 | PKGNAME= ${DISTNAME:S/mail-/-/} | 4 | PKGNAME= ${DISTNAME:S/mail-/-/} | |
5 | CATEGORIES= mail | 5 | CATEGORIES= mail | |
6 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=roundcubemail/} | 6 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=roundcubemail/} | |
7 | 7 | |||
8 | MAINTAINER= taca@NetBSD.org | 8 | MAINTAINER= taca@NetBSD.org | |
9 | HOMEPAGE= http://roundcube.net/ | 9 | HOMEPAGE= http://roundcube.net/ | |
10 | COMMENT= Browser-based multilingual IMAP client | 10 | COMMENT= Browser-based multilingual IMAP client | |
11 | LICENSE= gnu-gpl-v3 | 11 | LICENSE= gnu-gpl-v3 | |
12 | 12 | |||
13 | DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=${PHP_BASE_VERS}:../../converters/php-mbstring | 13 | DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=${PHP_BASE_VERS}:../../converters/php-mbstring | |
14 | DEPENDS+= ${PHP_PKG_PREFIX}-dom>=${PHP_BASE_VERS}:../../textproc/php-dom | 14 | DEPENDS+= ${PHP_PKG_PREFIX}-dom>=${PHP_BASE_VERS}:../../textproc/php-dom | |
15 | DEPENDS+= ${PHP_PKG_PREFIX}-exif>=${PHP_BASE_VERS}:../../graphics/php-exif | 15 | DEPENDS+= ${PHP_PKG_PREFIX}-exif>=${PHP_BASE_VERS}:../../graphics/php-exif | |
16 | DEPENDS+= ${PHP_PKG_PREFIX}-intl>=${PHP_BASE_VERS}:../../textproc/php-intl | 16 | DEPENDS+= ${PHP_PKG_PREFIX}-intl>=${PHP_BASE_VERS}:../../textproc/php-intl |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.38 2015/10/29 15:54:20 prlw1 Exp $ | 1 | @comment $NetBSD: PLIST,v 1.39 2015/12/26 14:24:48 taca Exp $ | |
2 | share/doc/roundcube/INSTALL | 2 | share/doc/roundcube/INSTALL | |
3 | share/doc/roundcube/LICENSE | 3 | share/doc/roundcube/LICENSE | |
4 | share/doc/roundcube/README.md | 4 | share/doc/roundcube/README.md | |
5 | share/doc/roundcube/UPGRADING | 5 | share/doc/roundcube/UPGRADING | |
6 | share/examples/roundcube/config.inc.php | 6 | share/examples/roundcube/config.inc.php | |
7 | share/examples/roundcube/defaults.inc.php | 7 | share/examples/roundcube/defaults.inc.php | |
8 | share/examples/roundcube/mimetypes.php | 8 | share/examples/roundcube/mimetypes.php | |
9 | share/examples/roundcube/plugins/acl/config.inc.php | 9 | share/examples/roundcube/plugins/acl/config.inc.php | |
10 | share/examples/roundcube/plugins/additional_message_headers/config.inc.php | 10 | share/examples/roundcube/plugins/additional_message_headers/config.inc.php | |
11 | share/examples/roundcube/plugins/help/config.inc.php | 11 | share/examples/roundcube/plugins/help/config.inc.php | |
12 | share/examples/roundcube/plugins/http_authentication/config.inc.php | 12 | share/examples/roundcube/plugins/http_authentication/config.inc.php | |
13 | share/examples/roundcube/plugins/jqueryui/config.inc.php | 13 | share/examples/roundcube/plugins/jqueryui/config.inc.php | |
14 | share/examples/roundcube/plugins/managesieve/config.inc.php | 14 | share/examples/roundcube/plugins/managesieve/config.inc.php | |
@@ -1855,26 +1855,27 @@ share/roundcube/program/localization/tr_ | @@ -1855,26 +1855,27 @@ share/roundcube/program/localization/tr_ | |||
1855 | share/roundcube/program/localization/uk_UA/labels.inc | 1855 | share/roundcube/program/localization/uk_UA/labels.inc | |
1856 | share/roundcube/program/localization/uk_UA/messages.inc | 1856 | share/roundcube/program/localization/uk_UA/messages.inc | |
1857 | share/roundcube/program/localization/ur_PK/labels.inc | 1857 | share/roundcube/program/localization/ur_PK/labels.inc | |
1858 | share/roundcube/program/localization/vi_VN/labels.inc | 1858 | share/roundcube/program/localization/vi_VN/labels.inc | |
1859 | share/roundcube/program/localization/vi_VN/messages.inc | 1859 | share/roundcube/program/localization/vi_VN/messages.inc | |
1860 | share/roundcube/program/localization/zh_CN/labels.inc | 1860 | share/roundcube/program/localization/zh_CN/labels.inc | |
1861 | share/roundcube/program/localization/zh_CN/messages.inc | 1861 | share/roundcube/program/localization/zh_CN/messages.inc | |
1862 | share/roundcube/program/localization/zh_TW/csv2vcard.inc | 1862 | share/roundcube/program/localization/zh_TW/csv2vcard.inc | |
1863 | share/roundcube/program/localization/zh_TW/labels.inc | 1863 | share/roundcube/program/localization/zh_TW/labels.inc | |
1864 | share/roundcube/program/localization/zh_TW/messages.inc | 1864 | share/roundcube/program/localization/zh_TW/messages.inc | |
1865 | share/roundcube/program/resources/blank.gif | 1865 | share/roundcube/program/resources/blank.gif | |
1866 | share/roundcube/program/resources/blank.tif | 1866 | share/roundcube/program/resources/blank.tif | |
1867 | share/roundcube/program/resources/blocked.gif | 1867 | share/roundcube/program/resources/blocked.gif | |
1868 | share/roundcube/program/resources/dummy.pdf | |||
1868 | share/roundcube/program/steps/addressbook/copy.inc | 1869 | share/roundcube/program/steps/addressbook/copy.inc | |
1869 | share/roundcube/program/steps/addressbook/delete.inc | 1870 | share/roundcube/program/steps/addressbook/delete.inc | |
1870 | share/roundcube/program/steps/addressbook/edit.inc | 1871 | share/roundcube/program/steps/addressbook/edit.inc | |
1871 | share/roundcube/program/steps/addressbook/export.inc | 1872 | share/roundcube/program/steps/addressbook/export.inc | |
1872 | share/roundcube/program/steps/addressbook/func.inc | 1873 | share/roundcube/program/steps/addressbook/func.inc | |
1873 | share/roundcube/program/steps/addressbook/groups.inc | 1874 | share/roundcube/program/steps/addressbook/groups.inc | |
1874 | share/roundcube/program/steps/addressbook/import.inc | 1875 | share/roundcube/program/steps/addressbook/import.inc | |
1875 | share/roundcube/program/steps/addressbook/list.inc | 1876 | share/roundcube/program/steps/addressbook/list.inc | |
1876 | share/roundcube/program/steps/addressbook/mailto.inc | 1877 | share/roundcube/program/steps/addressbook/mailto.inc | |
1877 | share/roundcube/program/steps/addressbook/move.inc | 1878 | share/roundcube/program/steps/addressbook/move.inc | |
1878 | share/roundcube/program/steps/addressbook/photo.inc | 1879 | share/roundcube/program/steps/addressbook/photo.inc | |
1879 | share/roundcube/program/steps/addressbook/print.inc | 1880 | share/roundcube/program/steps/addressbook/print.inc | |
1880 | share/roundcube/program/steps/addressbook/save.inc | 1881 | share/roundcube/program/steps/addressbook/save.inc |
@@ -1,10 +1,10 @@ | @@ -1,10 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.47 2015/11/04 17:41:20 agc Exp $ | 1 | $NetBSD: distinfo,v 1.48 2015/12/26 14:24:48 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (roundcubemail-1.1.3.tar.gz) = 4513227bd64eb8564f056817341b1dfe478e215e | 3 | SHA1 (roundcubemail-1.1.4.tar.gz) = 4883c8bb39fadf8af94ffb09ee426cba9f8ef2e3 | |
4 | RMD160 (roundcubemail-1.1.3.tar.gz) = e4301d85004cc5986743ef16e3c4ea2c3f8dd9fd | 4 | RMD160 (roundcubemail-1.1.4.tar.gz) = 24f4bd093db74183132eba7ff610fcff9840541a | |
5 | SHA512 (roundcubemail-1.1.3.tar.gz) = be5d64a8d52aa623de614bc1b137ae2f74250de050de086a510114121bcb760b973f8319884395827f324371542b741b80054b90031d8814752bb018dcda2096 | 5 | SHA512 (roundcubemail-1.1.4.tar.gz) = 18c2422d65292cd13bc4ce592e8490cc0a9d3e9551ac4d188db93eb989525af7ccf519642dd2e68a7380ab0d0d4ad4f999af2b7e99da75d88274743949b42f8a | |
6 | Size (roundcubemail-1.1.3.tar.gz) = 3208502 bytes | 6 | Size (roundcubemail-1.1.4.tar.gz) = 3209549 bytes | |
7 | SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227 | 7 | SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227 | |
8 | SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668 | 8 | SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668 | |
9 | SHA1 (patch-config.inc.php) = 20a71b7fd9fbf0a1e097bd17428b9a1a2bed638d | 9 | SHA1 (patch-config.inc.php) = 6652bd2aaba06e1d1dd4a02d2390aa523f54e613 | |
10 | SHA1 (patch-rcube_mime_default) = 5cf58d8cbba63f97ddd8baaa7f1603aeff6bcb0d | 10 | SHA1 (patch-rcube_mime_default) = fe6ff1bea0a2c4223b34e44a6d0ca76e6476d2aa |
@@ -1,15 +1,17 @@ | @@ -1,15 +1,17 @@ | |||
1 | $NetBSD: patch-config.inc.php,v 1.1 2015/05/24 14:48:54 jym Exp $ | 1 | $NetBSD: patch-config.inc.php,v 1.2 2015/12/26 14:24:48 taca Exp $ | |
2 | ||||
2 | Add default paths for log, tmp and MIME types. | 3 | Add default paths for log, tmp and MIME types. | |
4 | ||||
3 | --- config/config.inc.php.sample 2015-03-16 20:54:49.000000000 +0000 | 5 | --- config/config.inc.php.sample 2015-03-16 20:54:49.000000000 +0000 | |
4 | +++ config/config.inc.php.sample.18555.sample | 6 | +++ config/config.inc.php.sample.18555.sample | |
5 | @@ -83,3 +83,10 @@ $config['plugins'] = array( | 7 | @@ -83,3 +83,10 @@ $config['plugins'] = array( | |
6 | 8 | |||
7 | // skin name: folder from skins/ | 9 | // skin name: folder from skins/ | |
8 | $config['skin'] = 'larry'; | 10 | $config['skin'] = 'larry'; | |
9 | + | 11 | + | |
10 | +// use this folder to store log files (must be writeable for apache user) | 12 | +// use this folder to store log files (must be writeable for apache user) | |
11 | +// This is used by the 'file' log driver. | 13 | +// This is used by the 'file' log driver. | |
12 | +$config['log_dir'] = '@VARBASE@/log/roundcube/'; | 14 | +$config['log_dir'] = '@VARBASE@/log/roundcube/'; | |
13 | + | 15 | + | |
14 | +// use this folder to store temp files (must be writeable for apache user) | 16 | +// use this folder to store temp files (must be writeable for apache user) | |
15 | +$config['temp_dir'] = '@VARBASE@/tmp/roundcube/'; | 17 | +$config['temp_dir'] = '@VARBASE@/tmp/roundcube/'; |
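Review bot: The comments added for `log_dir` and `temp_dir` in the embedded hunk only say the folders must be writeable for the apache user, and say nothing about keeping them closed to other local accounts. Both directories are likely to hold sensitive material (login and session traces in the logs, uploaded attachments in the temp folder), so the sample config should state the expected ownership and mode. I would extend each comment with a line such as `// should be owned by the web server user and not readable or writable by other users`. Separately, the `+++ config/config.inc.php.sample.18555.sample` header still carries what looks like a temporary file name and could be regenerated.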
@@ -1,18 +1,20 @@ | @@ -1,18 +1,20 @@ | |||
1 | $NetBSD: patch-rcube_mime_default,v 1.1 2015/05/24 14:48:54 jym Exp $ | 1 | $NetBSD: patch-rcube_mime_default,v 1.2 2015/12/26 14:24:48 taca Exp $ | |
2 | ||||
2 | Fix path to /etc/. | 3 | Fix path to /etc/. | |
3 | --- program/lib/Roundcube/rcube_mime.php.orig 2015-03-16 20:54:50.000000000 +0000 | 4 | ||
5 | --- program/lib/Roundcube/rcube_mime.php.orig 2015-12-23 09:18:12.000000000 +0000 | |||
4 | +++ program/lib/Roundcube/rcube_mime.php | 6 | +++ program/lib/Roundcube/rcube_mime.php | |
5 | @@ -807,12 +807,12 @@ class rcube_mime | 7 | @@ -770,12 +770,12 @@ class rcube_mime | |
6 | $file_paths[] = 'C:/xampp/apache/conf/mime.types.'; | 8 | $file_paths[] = 'C:/xampp/apache/conf/mime.types.'; | |
7 | } | 9 | } | |
8 | else { | 10 | else { | |
9 | - $file_paths[] = '/etc/mime.types'; | 11 | - $file_paths[] = '/etc/mime.types'; | |
10 | - $file_paths[] = '/etc/httpd/mime.types'; | 12 | - $file_paths[] = '/etc/httpd/mime.types'; | |
11 | - $file_paths[] = '/etc/httpd2/mime.types'; | 13 | - $file_paths[] = '/etc/httpd2/mime.types'; | |
12 | - $file_paths[] = '/etc/apache/mime.types'; | 14 | - $file_paths[] = '/etc/apache/mime.types'; | |
13 | - $file_paths[] = '/etc/apache2/mime.types'; | 15 | - $file_paths[] = '/etc/apache2/mime.types'; | |
14 | - $file_paths[] = '/etc/nginx/mime.types'; | 16 | - $file_paths[] = '/etc/nginx/mime.types'; | |
15 | + $file_paths[] = '@PKG_SYSCONFBASE@/mime.types'; | 17 | + $file_paths[] = '@PKG_SYSCONFBASE@/mime.types'; | |
16 | + $file_paths[] = '@PKG_SYSCONFBASE@/httpd/mime.types'; | 18 | + $file_paths[] = '@PKG_SYSCONFBASE@/httpd/mime.types'; | |
17 | + $file_paths[] = '@PKG_SYSCONFBASE@/httpd2/mime.types'; | 19 | + $file_paths[] = '@PKG_SYSCONFBASE@/httpd2/mime.types'; | |
18 | + $file_paths[] = '@PKG_SYSCONFBASE@/apache/mime.types'; | 20 | + $file_paths[] = '@PKG_SYSCONFBASE@/apache/mime.types'; |
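Review bot: The patch description `Fix path to /etc/.` does not explain that the hunk replaces the hard-coded `/etc/...` lookups with `@PKG_SYSCONFBASE@` placeholders, which only work if they are substituted at build time. The substitution (presumably a SUBST stanza in the Makefile) is outside the displayed hunks, so it is worth confirming that it covers `program/lib/Roundcube/rcube_mime.php`; an unsubstituted placeholder would be probed as a relative path. I would reword the description to `Look for mime.types under @PKG_SYSCONFBASE@ (substituted at build time) instead of hard-coded /etc paths.` The embedded patch continues past the end of the displayed hunk.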