Update security patch for CVE-2016-5103 (XSS) from upstream. Bump PKGREVISION.
diff -r1.81 -r1.82 pkgsrc/mail/roundcube/Makefile
(taca)
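--- a/pkgsrc/mail/roundcube/Makefile
+++ b/pkgsrc/mail/roundcube/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.81 2016/05/26 03:20:37 taca Exp $
+# $NetBSD: Makefile,v 1.82 2016/05/26 23:22:17 taca Exp $
 
 DISTNAME= roundcubemail-1.1.5
 PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/mail-/-/}
+PKGREVISION= 1
 CATEGORIES= mail
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=roundcubemail/}
 
 MAINTAINER= taca@NetBSD.org
 HOMEPAGE= http://roundcube.net/
 COMMENT= Browser-based multilingual IMAP client
 LICENSE= gnu-gpl-v3
 
 DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=${PHP_BASE_VERS}:../../converters/php-mbstring
 DEPENDS+= ${PHP_PKG_PREFIX}-dom>=${PHP_BASE_VERS}:../../textproc/php-dom
 DEPENDS+= ${PHP_PKG_PREFIX}-exif>=${PHP_BASE_VERS}:../../graphics/php-exif
 DEPENDS+= ${PHP_PKG_PREFIX}-intl>=${PHP_BASE_VERS}:../../textproc/php-intl
 DEPENDS+= ${PHP_PKG_PREFIX}-json>=${PHP_BASE_VERS}:../../textproc/php-json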
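--- a/pkgsrc/mail/roundcube/distinfo
+++ b/pkgsrc/mail/roundcube/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.49 2016/05/26 03:20:37 taca Exp $
+$NetBSD: distinfo,v 1.50 2016/05/26 23:22:17 taca Exp $
 
 SHA1 (roundcubemail-1.1.5.tar.gz) = d0843b592a810435dff49aa615fd3075691ca18d
 RMD160 (roundcubemail-1.1.5.tar.gz) = b716851dc55fa88553ad06c21e8c8080416303f1
 SHA512 (roundcubemail-1.1.5.tar.gz) = 7723746c4c1959460adb9f157fed6ebf78720ee84640791e0501b6c2adb5c60a58fa93e4e244dfad1998f3595cc31ca3dc48e7e111e69e5a0444d96d6cf04289
 Size (roundcubemail-1.1.5.tar.gz) = 3147385 bytes
 SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
 SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 9e0082f23e37bbab26e8bb1439668132d5aacca2
+SHA1 (patch-program_lib_Roundcube_rcube__washtml.php) = 3a38804d81ead4cd0271befaacc370e78c103b7a
 SHA1 (patch-rcube_mime_default) = fe6ff1bea0a2c4223b34e44a6d0ca76e6476d2aa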
$NetBSD: patch-program_lib_Roundcube_rcube__washtml.php,v 1.3 2016/05/26 23:22:17 taca Exp $
Fix CVE-2016-5103, XSS from upstream.
--- program/lib/Roundcube/rcube_washtml.php.orig 2016-04-17 16:22:20.000000000 +0000
+++ program/lib/Roundcube/rcube_washtml.php
@@ -370,7 +370,7 @@ class rcube_washtml
*/
private function is_link_attribute($tag, $attr)
{
- return $tag == 'a' && $attr == 'href';
+ return ($tag == 'a' || $tag == 'area') && $attr == 'href';
}
/**
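Review bot: `is_link_attribute()` still matches `$tag` with a loose, case-sensitive `==`, so the new `area` branch only takes effect when the caller hands in a lower-cased tag name, and the call site is outside this hunk. If that normalisation is not guaranteed there, doing it in the predicate keeps the href check from being skipped on spelling alone: `return in_array(strtolower($tag), array('a', 'area'), true) && $attr === 'href';`. The tag list is an enumeration that has now had to be extended once, so the docblock (which starts above the hunk) should state that every element whose `href` the washer lets through must be listed here. A regression test that feeds an `<area href>` element through the washer would pin the fix when this local patch is dropped at the next upstream update.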