pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2026Q1] pkgsrc/mail
Module Name: pkgsrc
Committed By: maya
Date: Tue Jun 9 21:41:00 UTC 2026
Modified Files:
pkgsrc/mail/roundcube [pkgsrc-2026Q1]: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-password [pkgsrc-2026Q1]: distinfo
Log Message:
Pullup ticket #7128 - requested by taca
mail/roundcube: Security fix
Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.46
- mail/roundcube/Makefile.common 1.44
- mail/roundcube/PLIST 1.60
- mail/roundcube/distinfo 1.100-1.101
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 24 13:05:18 UTC 2026
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.6.16
1.6.16 (2026-05-14)
This is a security update to the LTS version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
* Fix stored XSS/HTML/CSS injection in subject field of the draft restore
dialog, reported by zazy
* Fix CSS injection bypass in HTML sanitizer via SVG <animate
attributeName="style">, reported by wooseokdotkim
* Fix pre-auth SQL injection in virtuser_query plugin via preg_replace
backslash escape bypass, reported by skull
* Fix SSRF bypass via specific local address URLs
* Fix local/private URL fetch bypass when remote resources were not allowed,
reported by Orange Cyberdefense Vulnerability Disclosure Team
* Fix bypass of remote image blocking via CSS var(), reported by Geame
* Fix pre-auth arbitrary file delete via redis/memcache session poisoning
bypass, reported by valent1
* Fix code injection vulnerability - remove support for code evaluation in
LDAP autovalues option, reported by Glendaenri
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data before
updating!
CHANGELOG
* Fix potential too long value in IMAP ID command (#10136)
* Security: Fix stored XSS/HTML/CSS injection in subject field of the draft
restore dialog
* Security: Fix CSS injection bypass in HTML sanitizer via SVG <animate
attributeName="style">
* Security: Fix pre-auth SQL injection in virtuser_query plugin via
preg_replace backslash escape bypass
* Security: Fix SSRF bypass via specific local address URLs
* Security: Fix bypass of remote image blocking via CSS var()
* Security: Fix local/private URL fetch bypass when remote resources were
not allowed
* Security: Fix pre-auth arbitrary file delete via redis/memcache session
poisoning bypass
* Security: Fix code injection vulnerability - remove support for code
evaluation in LDAP autovalues option
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 24 13:51:33 UTC 2026
Modified Files:
pkgsrc/mail/roundcube: distinfo
Log Message:
mail/roundcube: correct distinfo
Correct distinfo, restoring accidently removed check sums.
To generate a diff of this commit:
cvs rdiff -u -r1.42.2.1 -r1.42.2.2 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.59 -r1.59.2.1 pkgsrc/mail/roundcube/PLIST
cvs rdiff -u -r1.98.2.1 -r1.98.2.2 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.44.2.1 -r1.44.2.2 \
pkgsrc/mail/roundcube-plugin-password/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.42.2.1 pkgsrc/mail/roundcube/Makefile.common:1.42.2.2
--- pkgsrc/mail/roundcube/Makefile.common:1.42.2.1 Tue Mar 31 14:36:44 2026
+++ pkgsrc/mail/roundcube/Makefile.common Tue Jun 9 21:41:00 2026
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.42.2.1 2026/03/31 14:36:44 maya Exp $
+# $NetBSD: Makefile.common,v 1.42.2.2 2026/06/09 21:41:00 maya Exp $
#
# used by mail/roundcube/Makefile
# used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT= roundcubemail
GITHUB_RELEASE= ${RC_VERS}
HOMEPAGE= https://roundcube.net/
-RC_VERS= 1.6.15
+RC_VERS= 1.6.16
USE_LANGUAGES= # none
USE_TOOLS+= pax
Index: pkgsrc/mail/roundcube/PLIST
diff -u pkgsrc/mail/roundcube/PLIST:1.59 pkgsrc/mail/roundcube/PLIST:1.59.2.1
--- pkgsrc/mail/roundcube/PLIST:1.59 Wed Mar 18 14:58:17 2026
+++ pkgsrc/mail/roundcube/PLIST Tue Jun 9 21:41:00 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.59 2026/03/18 14:58:17 taca Exp $
+@comment $NetBSD: PLIST,v 1.59.2.1 2026/06/09 21:41:00 maya Exp $
share/doc/roundcube/CHANGELOG.md
share/doc/roundcube/INSTALL
share/doc/roundcube/LICENSE
@@ -2134,6 +2134,7 @@ share/roundcube/vendor/guzzlehttp/guzzle
share/roundcube/vendor/guzzlehttp/promises/CHANGELOG.md
share/roundcube/vendor/guzzlehttp/promises/LICENSE
share/roundcube/vendor/guzzlehttp/promises/README.md
+share/roundcube/vendor/guzzlehttp/promises/UPGRADING.md
share/roundcube/vendor/guzzlehttp/promises/composer.json
share/roundcube/vendor/guzzlehttp/promises/src/AggregateException.php
share/roundcube/vendor/guzzlehttp/promises/src/CancellationException.php
@@ -2154,6 +2155,7 @@ share/roundcube/vendor/guzzlehttp/promis
share/roundcube/vendor/guzzlehttp/psr7/CHANGELOG.md
share/roundcube/vendor/guzzlehttp/psr7/LICENSE
share/roundcube/vendor/guzzlehttp/psr7/README.md
+share/roundcube/vendor/guzzlehttp/psr7/UPGRADING.md
share/roundcube/vendor/guzzlehttp/psr7/composer.json
share/roundcube/vendor/guzzlehttp/psr7/src/AppendStream.php
share/roundcube/vendor/guzzlehttp/psr7/src/BufferStream.php
Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.98.2.1 pkgsrc/mail/roundcube/distinfo:1.98.2.2
--- pkgsrc/mail/roundcube/distinfo:1.98.2.1 Tue Mar 31 14:36:44 2026
+++ pkgsrc/mail/roundcube/distinfo Tue Jun 9 21:41:00 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.98.2.1 2026/03/31 14:36:44 maya Exp $
+$NetBSD: distinfo,v 1.98.2.2 2026/06/09 21:41:00 maya Exp $
-BLAKE2s (roundcubemail-1.6.15-complete.tar.gz) = 4cca817ff79802fd977c1df23002938feb1eae76eb597d2ed7338e2f61835c08
-SHA512 (roundcubemail-1.6.15-complete.tar.gz) = 8c99493c0008a5c498d9ad665881ce2a3d4368affb831e5af36ca65d37e643ba9aded1129ee41c576aa50d5bed2080e80ee7ec5d0f942b0f02fb48c5082f54fe
-Size (roundcubemail-1.6.15-complete.tar.gz) = 5872562 bytes
+BLAKE2s (roundcubemail-1.6.16-complete.tar.gz) = 9f6d8f810b23ba938456e8b390f2951f5f10c67a096f4851486e609deabfab18
+SHA512 (roundcubemail-1.6.16-complete.tar.gz) = 08481d09413ed71fbd31580141821a68f66d4e73bba23e630a7bb3bc0dc878af2b5172051e3f9be7beff09f5625d5443f235913ff4d87ae729f5efeb49923be3
+Size (roundcubemail-1.6.16-complete.tar.gz) = 5879804 bytes
SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = bfefc6850d3db230dd4224491e895fe25a32e87a
Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.44.2.1 pkgsrc/mail/roundcube-plugin-password/distinfo:1.44.2.2
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.44.2.1 Tue Mar 31 14:36:43 2026
+++ pkgsrc/mail/roundcube-plugin-password/distinfo Tue Jun 9 21:41:00 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.44.2.1 2026/03/31 14:36:43 maya Exp $
+$NetBSD: distinfo,v 1.44.2.2 2026/06/09 21:41:00 maya Exp $
-BLAKE2s (roundcubemail-1.6.15-complete.tar.gz) = 4cca817ff79802fd977c1df23002938feb1eae76eb597d2ed7338e2f61835c08
-SHA512 (roundcubemail-1.6.15-complete.tar.gz) = 8c99493c0008a5c498d9ad665881ce2a3d4368affb831e5af36ca65d37e643ba9aded1129ee41c576aa50d5bed2080e80ee7ec5d0f942b0f02fb48c5082f54fe
-Size (roundcubemail-1.6.15-complete.tar.gz) = 5872562 bytes
+BLAKE2s (roundcubemail-1.6.16-complete.tar.gz) = 9f6d8f810b23ba938456e8b390f2951f5f10c67a096f4851486e609deabfab18
+SHA512 (roundcubemail-1.6.16-complete.tar.gz) = 08481d09413ed71fbd31580141821a68f66d4e73bba23e630a7bb3bc0dc878af2b5172051e3f9be7beff09f5625d5443f235913ff4d87ae729f5efeb49923be3
+Size (roundcubemail-1.6.16-complete.tar.gz) = 5879804 bytes
SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165
Home |
Main Index |
Thread Index |
Old Index