pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/roundcube Update security path for CVE-2016-5103 ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c17922510e79
branches:  trunk
changeset: 347678:c17922510e79
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu May 26 23:22:17 2016 +0000

description:
Update security patch for CVE-2016-5103 (XSS) from upstream.

Bump PKGREVISION.

diffstat:

 mail/roundcube/Makefile                                               |   3 +-
 mail/roundcube/distinfo                                               |   3 +-
 mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php |  15 ++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diffs (47 lines):

diff -r 12c000a2efb5 -r c17922510e79 mail/roundcube/Makefile
--- a/mail/roundcube/Makefile   Thu May 26 23:03:13 2016 +0000
+++ b/mail/roundcube/Makefile   Thu May 26 23:22:17 2016 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.81 2016/05/26 03:20:37 taca Exp $
+# $NetBSD: Makefile,v 1.82 2016/05/26 23:22:17 taca Exp $
 
 DISTNAME=      roundcubemail-1.1.5
 PKGNAME=       ${PHP_PKG_PREFIX}-${DISTNAME:S/mail-/-/}
+PKGREVISION=   1
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=roundcubemail/}
 
diff -r 12c000a2efb5 -r c17922510e79 mail/roundcube/distinfo
--- a/mail/roundcube/distinfo   Thu May 26 23:03:13 2016 +0000
+++ b/mail/roundcube/distinfo   Thu May 26 23:22:17 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2016/05/26 03:20:37 taca Exp $
+$NetBSD: distinfo,v 1.50 2016/05/26 23:22:17 taca Exp $
 
 SHA1 (roundcubemail-1.1.5.tar.gz) = d0843b592a810435dff49aa615fd3075691ca18d
 RMD160 (roundcubemail-1.1.5.tar.gz) = b716851dc55fa88553ad06c21e8c8080416303f1
@@ -7,4 +7,5 @@
 SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
 SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 9e0082f23e37bbab26e8bb1439668132d5aacca2
+SHA1 (patch-program_lib_Roundcube_rcube__washtml.php) = 3a38804d81ead4cd0271befaacc370e78c103b7a
 SHA1 (patch-rcube_mime_default) = fe6ff1bea0a2c4223b34e44a6d0ca76e6476d2aa
diff -r 12c000a2efb5 -r c17922510e79 mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php     Thu May 26 23:22:17 2016 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-program_lib_Roundcube_rcube__washtml.php,v 1.3 2016/05/26 23:22:17 taca Exp $
+
+Fix CVE-2016-5103, XSS from upstream.
+
+--- program/lib/Roundcube/rcube_washtml.php.orig       2016-04-17 16:22:20.000000000 +0000
++++ program/lib/Roundcube/rcube_washtml.php
+@@ -370,7 +370,7 @@ class rcube_washtml
+      */
+     private function is_link_attribute($tag, $attr)
+     {
+-        return $tag == 'a' && $attr == 'href';
++        return ($tag == 'a' || $tag == 'area') && $attr == 'href';
+     }
+ 
+     /**
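Review bot: The new return line in is_link_attribute compares `$tag` and `$attr` against literal lower-case names, so the fix for `area` holds only if the caller has already lower-cased both values, and that normalisation is not visible in this hunk. If it is not guaranteed before this call, `return in_array(strtolower($tag), array('a', 'area'), true) && strtolower($attr) == 'href';` would make the check independent of it. Otherwise a short comment on the function stating that precondition would help. The patch header would also be easier to retire at the next version update if it named the upstream change, e.g. `Fix CVE-2016-5103 (XSS via href on <area>), from upstream commit <UPSTREAM_COMMIT_ID>.` The rest of class rcube_washtml lies outside the hunk, so how other URL-bearing attributes are filtered cannot be judged from here.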


