pkgsrc-Changes archive
CVS commit: pkgsrc/mail
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 8 17:05:03 UTC 2024
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.6.8
1.6.8 (2024-08-04)
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
* Fix XSS vulnerability in post-processing of sanitized HTML content
[CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG
[CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS
filtering [CVE-2024-42010]
Credits to Oskar Zeino-Mahmalat (Sonar) for all these findings and thanks
for providing a very detailed report in a private communication.
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!
CHANGELOG
* Managesieve: Protect special scripts in managesieve_kolab_master mode
* Fix newmail_notifier notification focus in Chrome (#9467)
* Fix fatal error when parsing some TNEF attachments (#9462)
* Fix double scrollbar when composing a mail with many plain text lines
(#7760)
* Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
* Fix bug where some messages could get malformed in an import from a MBOX
file (#9510)
* Fix invalid line break characters in multi-line text in Sieve scripts
(#9543)
* Fix bug where "with attachment" filter could fail on some fts engines
(#9514)
* Fix bug where an unhandled exception was caused by an invalid image
attachment (#9475)
* Fix bug where a long subject title could not be displayed in some cases
(#9416)
* Fix infinite loop when parsing malformed Sieve script (#9562)
* Fix bug where imap_conn_option's 'socket' was ignored (#9566)
* Fix XSS vulnerability in post-processing of sanitized HTML content
[CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG
[CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS
filtering [CVE-2024-42010]
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.89 -r1.90 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.37 -r1.38 pkgsrc/mail/roundcube-plugin-password/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.35 pkgsrc/mail/roundcube/Makefile.common:1.36
--- pkgsrc/mail/roundcube/Makefile.common:1.35 Wed May 22 13:15:59 2024
+++ pkgsrc/mail/roundcube/Makefile.common Thu Aug 8 17:05:03 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.35 2024/05/22 13:15:59 taca Exp $
+# $NetBSD: Makefile.common,v 1.36 2024/08/08 17:05:03 taca Exp $
#
# used by mail/roundcube/Makefile
# used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT= roundcubemail
GITHUB_RELEASE= ${RC_VERS}
HOMEPAGE= https://roundcube.net/
-RC_VERS= 1.6.7
+RC_VERS= 1.6.8
USE_LANGUAGES= # none
USE_TOOLS+= pax
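Review bot: RC_VERS on the changed line is shared state. The header comments of this file say it is used by mail/roundcube/Makefile and mail/roundcube/plugins.mk, so the bump renames the distfile for every package built from them, while this commit regenerates distinfo only for roundcube and roundcube-plugin-password. Please confirm that no other plugin package carrying its own distinfo still lists roundcubemail-1.6.7-complete.tar.gz, since its checksum step would fail after this change.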
Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.89 pkgsrc/mail/roundcube/distinfo:1.90
--- pkgsrc/mail/roundcube/distinfo:1.89 Wed May 22 13:15:59 2024
+++ pkgsrc/mail/roundcube/distinfo Thu Aug 8 17:05:03 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.89 2024/05/22 13:15:59 taca Exp $
+$NetBSD: distinfo,v 1.90 2024/08/08 17:05:03 taca Exp $
-BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
-SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
-Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
+BLAKE2s (roundcubemail-1.6.8-complete.tar.gz) = 956cd81a957d2e25a428419782b434761aaf39fdd942e1471873cec852ead7fd
+SHA512 (roundcubemail-1.6.8-complete.tar.gz) = 91bf08d5c2643b81efee87cae7045adad7fd6867bef6847ff64eac2490d84b38d08a8c6622fb947da67ecd43eaecb83ab4f3b5ebecc75e9f6dd511db6eb88128
+Size (roundcubemail-1.6.8-complete.tar.gz) = 5899212 bytes
SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = bfefc6850d3db230dd4224491e895fe25a32e87a
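Review bot: the three SHA1 patch lines at the end of this hunk are unchanged context, so the local patches are carried over as-is onto a release that, per the log message, changes HTML sanitizing, attachment serving and CSS filtering. Please confirm that patch-program_lib_Roundcube_rcube__mime.php and the other two still apply cleanly to 1.6.8. The new BLAKE2s and SHA512 values are only as trustworthy as the tarball they were computed from, so they should be compared against a checksum or signature published by upstream before the commit is relied on.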
Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.37 pkgsrc/mail/roundcube-plugin-password/distinfo:1.38
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.37 Wed May 22 13:15:59 2024
+++ pkgsrc/mail/roundcube-plugin-password/distinfo Thu Aug 8 17:05:03 2024
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.37 2024/05/22 13:15:59 taca Exp $
+$NetBSD: distinfo,v 1.38 2024/08/08 17:05:03 taca Exp $
-BLAKE2s (roundcubemail-1.6.7-complete.tar.gz) = cd89e4c9500375fc3dc87bace42ea98a100732b944f507915fd71a888d554d2c
-SHA512 (roundcubemail-1.6.7-complete.tar.gz) = aedc940e769e881d448eced2ef0b603c87f9a9e18624cae4d14a946e6f9509c827f75e6fb294a760970e37caa9ab0bfb0a7ec8843b12542f59f350948d2d8d3b
-Size (roundcubemail-1.6.7-complete.tar.gz) = 5899345 bytes
+BLAKE2s (roundcubemail-1.6.8-complete.tar.gz) = 956cd81a957d2e25a428419782b434761aaf39fdd942e1471873cec852ead7fd
+SHA512 (roundcubemail-1.6.8-complete.tar.gz) = 91bf08d5c2643b81efee87cae7045adad7fd6867bef6847ff64eac2490d84b38d08a8c6622fb947da67ecd43eaecb83ab4f3b5ebecc75e9f6dd511db6eb88128
+Size (roundcubemail-1.6.8-complete.tar.gz) = 5899212 bytes
SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165
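Review bot: the three added lines duplicate the tarball entries of pkgsrc/mail/roundcube/distinfo and have to stay identical to them, because both packages fetch roundcubemail-1.6.8-complete.tar.gz. They do match in this commit (same BLAKE2s, SHA512 and Size of 5899212 bytes), but nothing visible here enforces that, so a short comment in the file or a note in the log message that both distinfo files were regenerated together would help the next update.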