pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/mail

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed May 22 13:15:59 UTC 2024

Modified Files:
        pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
        pkgsrc/mail/roundcube-plugin-password: distinfo

Log Message:
mail/roundcube: update to 1.6.7

1.6.7 (2024-05-19)

This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerabilities:

* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
  attributes.
* Reported by Valentin T. and Lutz Wolf of CrowdStrike.
* Fix cross-site scripting (XSS) vulnerability in handling list columns from
  user preferences.
* Reported by Huy Nguyễn Phạm Nhật.
* Fix command injection via crafted im_convert_path/im_identify_path on Windows.
* Reported by Huy Nguyễn Phạm Nhật.

This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it.  Please do backup your data before
updating!

CHANGELOG

* Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
* Fix bug where HTML entities in URLs were not decoded on HTML to plain text
  conversion (#9312)
* Fix bug in collapsing/expanding folders with some special characters in
  names (#9324)
* Fix PHP8 warnings (#9363, #9365, #9429)
* Fix missing field labels in CSV import, for some locales (#9393)
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
  attributes
* Fix cross-site scripting (XSS) vulnerability in handling list columns from
  user preferences
* Fix command injection via crafted im_convert_path/im_identify_path on
  Windows


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.56 -r1.57 pkgsrc/mail/roundcube/PLIST
cvs rdiff -u -r1.88 -r1.89 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.36 -r1.37 pkgsrc/mail/roundcube-plugin-password/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.34 pkgsrc/mail/roundcube/Makefile.common:1.35
--- pkgsrc/mail/roundcube/Makefile.common:1.34  Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/Makefile.common       Wed May 22 13:15:59 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.34 2024/01/28 02:58:22 taca Exp $
+# $NetBSD: Makefile.common,v 1.35 2024/05/22 13:15:59 taca Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT=       roundcubemail
 GITHUB_RELEASE=        ${RC_VERS}
 HOMEPAGE=      https://roundcube.net/
 
-RC_VERS=       1.6.6
+RC_VERS=       1.6.7
 
 USE_LANGUAGES=         # none
 USE_TOOLS+=            pax

Index: pkgsrc/mail/roundcube/PLIST
diff -u pkgsrc/mail/roundcube/PLIST:1.56 pkgsrc/mail/roundcube/PLIST:1.57
--- pkgsrc/mail/roundcube/PLIST:1.56    Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/PLIST Wed May 22 13:15:59 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.56 2024/01/28 02:58:22 taca Exp $
+@comment $NetBSD: PLIST,v 1.57 2024/05/22 13:15:59 taca Exp $
 share/doc/roundcube/CHANGELOG.md
 share/doc/roundcube/INSTALL
 share/doc/roundcube/LICENSE
@@ -2316,7 +2316,6 @@ share/roundcube/vendor/pear/pear-core-mi
 share/roundcube/vendor/pear/pear-core-minimal/composer.json
 share/roundcube/vendor/pear/pear-core-minimal/src/OS/Guess.php
 share/roundcube/vendor/pear/pear-core-minimal/src/PEAR.php
-share/roundcube/vendor/pear/pear-core-minimal/src/PEAR/Error.php
 share/roundcube/vendor/pear/pear-core-minimal/src/PEAR/ErrorStack.php
 share/roundcube/vendor/pear/pear-core-minimal/src/System.php
 share/roundcube/vendor/pear/pear_exception/LICENSE
@@ -2356,12 +2355,15 @@ share/roundcube/vendor/ralouphie/getallh
 share/roundcube/vendor/ralouphie/getallheaders/README.md
 share/roundcube/vendor/ralouphie/getallheaders/composer.json
 share/roundcube/vendor/ralouphie/getallheaders/src/getallheaders.php
+share/roundcube/vendor/roundcube/plugin-installer/.php-cs-fixer.dist.php
 share/roundcube/vendor/roundcube/plugin-installer/README.md
 share/roundcube/vendor/roundcube/plugin-installer/composer.json
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/ExtensionInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/PluginInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/RoundcubeInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/SkinInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/phpstan.neon.dist
+share/roundcube/vendor/roundcube/plugin-installer/src/ExtensionInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/PluginInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/RoundcubeInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/SkinInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/test-composer/composer.json
 share/roundcube/vendor/roundcube/rtf-html-php/CHANGELOG.md
 share/roundcube/vendor/roundcube/rtf-html-php/LICENSE
 share/roundcube/vendor/roundcube/rtf-html-php/README.md

Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.88 pkgsrc/mail/roundcube/distinfo:1.89
--- pkgsrc/mail/roundcube/distinfo:1.88 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/distinfo      Wed May 22 13:15:59 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.88 2024/01/28 02:58:22 taca Exp $
+$NetBSD: distinfo,v 1.89 2024/05/22 13:15:59 taca Exp $
 
-BLAKE2s (roundcubemail-1.6.6-complete.tar.gz) = 54291659025734460d1cb15105dcdf45aac91a63b250497c6f7ccf3956377a26
-SHA512 (roundcubemail-1.6.6-complete.tar.gz) = e5d7b187c444c0aec231c41d8c4cc80c388d86cc5d6689d5183a61c8913749239c5efcad5725fbb97efcdcaf2dd0235cd6a827b3deb94065da42dbb03a9bca6b
-Size (roundcubemail-1.6.6-complete.tar.gz) = 5895753 bytes
+BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
+SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
+Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
 SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
 SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
 SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = bfefc6850d3db230dd4224491e895fe25a32e87a

Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.36 pkgsrc/mail/roundcube-plugin-password/distinfo:1.37
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.36 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube-plugin-password/distinfo      Wed May 22 13:15:59 2024
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.36 2024/01/28 02:58:22 taca Exp $
+$NetBSD: distinfo,v 1.37 2024/05/22 13:15:59 taca Exp $
 
-BLAKE2s (roundcubemail-1.6.6-complete.tar.gz) = 54291659025734460d1cb15105dcdf45aac91a63b250497c6f7ccf3956377a26
-SHA512 (roundcubemail-1.6.6-complete.tar.gz) = e5d7b187c444c0aec231c41d8c4cc80c388d86cc5d6689d5183a61c8913749239c5efcad5725fbb97efcdcaf2dd0235cd6a827b3deb94065da42dbb03a9bca6b
-Size (roundcubemail-1.6.6-complete.tar.gz) = 5895753 bytes
+BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
+SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
+Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165
Home | Main Index | Thread Index | Old Index