pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2024Q1] pkgsrc/mail



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Jun 23 16:12:08 UTC 2024

Modified Files:
        pkgsrc/mail/roundcube [pkgsrc-2024Q1]: Makefile.common PLIST distinfo
        pkgsrc/mail/roundcube-plugin-password [pkgsrc-2024Q1]: distinfo

Log Message:
Pullup ticket #6864 - requested by taca
mail/roundcube: security fix

Revisions pulled up:
- mail/roundcube-plugin-password/distinfo                       1.37
- mail/roundcube/Makefile.common                                1.35
- mail/roundcube/PLIST                                          1.57
- mail/roundcube/distinfo                                       1.89

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed May 22 13:15:59 UTC 2024

   Modified Files:
        pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
        pkgsrc/mail/roundcube-plugin-password: distinfo

   Log Message:
   mail/roundcube: update to 1.6.7

   1.6.7 (2024-05-19)

   This is a security update to the stable version 1.6 of Roundcube Webmail.
   It provides a fix to a recently reported XSS vulnerabilities:

   * Fix cross-site scripting (XSS) vulnerability in handling SVG animate
     attributes.
   * Reported by Valentin T. and Lutz Wolf of CrowdStrike.
   * Fix cross-site scripting (XSS) vulnerability in handling list columns from
     user preferences.
   * Reported by Huy Nguyễn Phạm Nhật.
   * Fix command injection via crafted im_convert_path/im_identify_path on Windows.
   * Reported by Huy Nguyễn Phạm Nhật.

   This version is considered stable and we recommend to update all productive
   installations of Roundcube 1.6.x with it.  Please do backup your data before
   updating!

   CHANGELOG

   * Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
   * Fix bug where HTML entities in URLs were not decoded on HTML to plain text
     conversion (#9312)
   * Fix bug in collapsing/expanding folders with some special characters in
     names (#9324)
   * Fix PHP8 warnings (#9363, #9365, #9429)
   * Fix missing field labels in CSV import, for some locales (#9393)
   * Fix cross-site scripting (XSS) vulnerability in handling SVG animate
     attributes
   * Fix cross-site scripting (XSS) vulnerability in handling list columns from
     user preferences
   * Fix command injection via crafted im_convert_path/im_identify_path on
     Windows


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.34.2.1 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.56 -r1.56.2.1 pkgsrc/mail/roundcube/PLIST
cvs rdiff -u -r1.88 -r1.88.2.1 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.36 -r1.36.2.1 pkgsrc/mail/roundcube-plugin-password/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.34 pkgsrc/mail/roundcube/Makefile.common:1.34.2.1
--- pkgsrc/mail/roundcube/Makefile.common:1.34  Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/Makefile.common       Sun Jun 23 16:12:08 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.34 2024/01/28 02:58:22 taca Exp $
+# $NetBSD: Makefile.common,v 1.34.2.1 2024/06/23 16:12:08 bsiegert Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT=       roundcubemail
 GITHUB_RELEASE=        ${RC_VERS}
 HOMEPAGE=      https://roundcube.net/
 
-RC_VERS=       1.6.6
+RC_VERS=       1.6.7
 
 USE_LANGUAGES=         # none
 USE_TOOLS+=            pax

Index: pkgsrc/mail/roundcube/PLIST
diff -u pkgsrc/mail/roundcube/PLIST:1.56 pkgsrc/mail/roundcube/PLIST:1.56.2.1
--- pkgsrc/mail/roundcube/PLIST:1.56    Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/PLIST Sun Jun 23 16:12:08 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.56 2024/01/28 02:58:22 taca Exp $
+@comment $NetBSD: PLIST,v 1.56.2.1 2024/06/23 16:12:08 bsiegert Exp $
 share/doc/roundcube/CHANGELOG.md
 share/doc/roundcube/INSTALL
 share/doc/roundcube/LICENSE
@@ -2316,7 +2316,6 @@ share/roundcube/vendor/pear/pear-core-mi
 share/roundcube/vendor/pear/pear-core-minimal/composer.json
 share/roundcube/vendor/pear/pear-core-minimal/src/OS/Guess.php
 share/roundcube/vendor/pear/pear-core-minimal/src/PEAR.php
-share/roundcube/vendor/pear/pear-core-minimal/src/PEAR/Error.php
 share/roundcube/vendor/pear/pear-core-minimal/src/PEAR/ErrorStack.php
 share/roundcube/vendor/pear/pear-core-minimal/src/System.php
 share/roundcube/vendor/pear/pear_exception/LICENSE
@@ -2356,12 +2355,15 @@ share/roundcube/vendor/ralouphie/getallh
 share/roundcube/vendor/ralouphie/getallheaders/README.md
 share/roundcube/vendor/ralouphie/getallheaders/composer.json
 share/roundcube/vendor/ralouphie/getallheaders/src/getallheaders.php
+share/roundcube/vendor/roundcube/plugin-installer/.php-cs-fixer.dist.php
 share/roundcube/vendor/roundcube/plugin-installer/README.md
 share/roundcube/vendor/roundcube/plugin-installer/composer.json
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/ExtensionInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/PluginInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/RoundcubeInstaller.php
-share/roundcube/vendor/roundcube/plugin-installer/src/Roundcube/Composer/SkinInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/phpstan.neon.dist
+share/roundcube/vendor/roundcube/plugin-installer/src/ExtensionInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/PluginInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/RoundcubeInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/src/SkinInstaller.php
+share/roundcube/vendor/roundcube/plugin-installer/test-composer/composer.json
 share/roundcube/vendor/roundcube/rtf-html-php/CHANGELOG.md
 share/roundcube/vendor/roundcube/rtf-html-php/LICENSE
 share/roundcube/vendor/roundcube/rtf-html-php/README.md

Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.88 pkgsrc/mail/roundcube/distinfo:1.88.2.1
--- pkgsrc/mail/roundcube/distinfo:1.88 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube/distinfo      Sun Jun 23 16:12:08 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.88 2024/01/28 02:58:22 taca Exp $
+$NetBSD: distinfo,v 1.88.2.1 2024/06/23 16:12:08 bsiegert Exp $
 
-BLAKE2s (roundcubemail-1.6.6-complete.tar.gz) = 54291659025734460d1cb15105dcdf45aac91a63b250497c6f7ccf3956377a26
-SHA512 (roundcubemail-1.6.6-complete.tar.gz) = e5d7b187c444c0aec231c41d8c4cc80c388d86cc5d6689d5183a61c8913749239c5efcad5725fbb97efcdcaf2dd0235cd6a827b3deb94065da42dbb03a9bca6b
-Size (roundcubemail-1.6.6-complete.tar.gz) = 5895753 bytes
+BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
+SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
+Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
 SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
 SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
 SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = bfefc6850d3db230dd4224491e895fe25a32e87a

Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.36 pkgsrc/mail/roundcube-plugin-password/distinfo:1.36.2.1
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.36 Sun Jan 28 02:58:22 2024
+++ pkgsrc/mail/roundcube-plugin-password/distinfo      Sun Jun 23 16:12:08 2024
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.36 2024/01/28 02:58:22 taca Exp $
+$NetBSD: distinfo,v 1.36.2.1 2024/06/23 16:12:08 bsiegert Exp $
 
-BLAKE2s (roundcubemail-1.6.6-complete.tar.gz) = 54291659025734460d1cb15105dcdf45aac91a63b250497c6f7ccf3956377a26
-SHA512 (roundcubemail-1.6.6-complete.tar.gz) = e5d7b187c444c0aec231c41d8c4cc80c388d86cc5d6689d5183a61c8913749239c5efcad5725fbb97efcdcaf2dd0235cd6a827b3deb94065da42dbb03a9bca6b
-Size (roundcubemail-1.6.6-complete.tar.gz) = 5895753 bytes
+BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
+SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
+Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165



Home | Main Index | Thread Index | Old Index