pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2018Q1] pkgsrc/mail

Module Name:    pkgsrc
Committed By:   spz
Date:           Sun May  6 08:40:13 UTC 2018

Modified Files:
        pkgsrc/mail/roundcube [pkgsrc-2018Q1]: Makefile.common distinfo
        pkgsrc/mail/roundcube-plugin-enigma [pkgsrc-2018Q1]: distinfo
        pkgsrc/mail/roundcube-plugin-password [pkgsrc-2018Q1]: distinfo
        pkgsrc/mail/roundcube-plugin-zipdownload [pkgsrc-2018Q1]: distinfo

Log Message:
Pullup ticket #5739 - requested by bsiegert
mail/roundcube: security update
mail/roundcube-plugin-enigma: security update
mail/roundcube-plugin-password: security update
mail/roundcube-plugin-zipdownload: security update

Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo                         1.8
- mail/roundcube-plugin-password/distinfo                       1.8
- mail/roundcube-plugin-zipdownload/distinfo                    1.8
- mail/roundcube/Makefile.common                                1.8
- mail/roundcube/distinfo                                       1.59

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Mon Apr 23 13:55:00 UTC 2018

   Modified Files:
            pkgsrc/mail/roundcube: Makefile.common distinfo
            pkgsrc/mail/roundcube-plugin-enigma: distinfo
            pkgsrc/mail/roundcube-plugin-password: distinfo
            pkgsrc/mail/roundcube-plugin-zipdownload: distinfo

   Log Message:
   mail/roundcube: update to 1.2.8

   This is a security update to the stable version 1.2.  It fixes a recently
   reported vulnerability allowing IMAP command injection via a GET parameters.
   More details about this are published under CVE-2018-9846.

   The second fix is about a missed remote content blocking on HTML messages
   with
   specially crafted image and style tags.

   We strongly recommend to update all productive installations of Roundcube
   1.2.x.  Please do backup your data before updating!

   CHANGELOG

   * Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
      (#6238)

   * Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)

   * Fix security issue in remote content blocking on HTML image and style tags
      (#6178)

   To generate a diff of this commit:
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube/Makefile.common
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/roundcube/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-enigma/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-password/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.4.1 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.58 -r1.58.4.1 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.7 -r1.7.4.1 pkgsrc/mail/roundcube-plugin-enigma/distinfo
cvs rdiff -u -r1.7 -r1.7.4.1 pkgsrc/mail/roundcube-plugin-password/distinfo
cvs rdiff -u -r1.7 -r1.7.4.1 \
    pkgsrc/mail/roundcube-plugin-zipdownload/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: pkgsrc/mail/roundcube/Makefile.common
diff -u pkgsrc/mail/roundcube/Makefile.common:1.7 pkgsrc/mail/roundcube/Makefile.common:1.7.4.1
--- pkgsrc/mail/roundcube/Makefile.common:1.7   Thu Nov  9 01:13:11 2017
+++ pkgsrc/mail/roundcube/Makefile.common       Sun May  6 08:40:13 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.7 2017/11/09 01:13:11 taca Exp $
+# $NetBSD: Makefile.common,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -9,7 +9,7 @@ MASTER_SITES=   ${MASTER_SITE_GITHUB:=roun
 GITHUB_PROJECT=        roundcubemail
 HOMEPAGE=      http://roundcube.net/
 
-RC_VERS=       1.2.7
+RC_VERS=       1.2.8
 
 USE_LANGUAGES=         # none
 USE_TOOLS+=            pax

Index: pkgsrc/mail/roundcube/distinfo
diff -u pkgsrc/mail/roundcube/distinfo:1.58 pkgsrc/mail/roundcube/distinfo:1.58.4.1
--- pkgsrc/mail/roundcube/distinfo:1.58 Thu Nov  9 01:13:11 2017
+++ pkgsrc/mail/roundcube/distinfo      Sun May  6 08:40:13 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.58 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.58.4.1 2018/05/06 08:40:13 spz Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
 SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
 SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
 SHA1 (patch-config_config.inc.php.sample) = 1c9751ba36394d592e7d3cdcc705010e0a4adda9

Index: pkgsrc/mail/roundcube-plugin-enigma/distinfo
diff -u pkgsrc/mail/roundcube-plugin-enigma/distinfo:1.7 pkgsrc/mail/roundcube-plugin-enigma/distinfo:1.7.4.1
--- pkgsrc/mail/roundcube-plugin-enigma/distinfo:1.7    Thu Nov  9 01:13:11 2017
+++ pkgsrc/mail/roundcube-plugin-enigma/distinfo        Sun May  6 08:40:13 2018
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes

Index: pkgsrc/mail/roundcube-plugin-password/distinfo
diff -u pkgsrc/mail/roundcube-plugin-password/distinfo:1.7 pkgsrc/mail/roundcube-plugin-password/distinfo:1.7.4.1
--- pkgsrc/mail/roundcube-plugin-password/distinfo:1.7  Thu Nov  9 01:13:11 2017
+++ pkgsrc/mail/roundcube-plugin-password/distinfo      Sun May  6 08:40:13 2018
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes

Index: pkgsrc/mail/roundcube-plugin-zipdownload/distinfo
diff -u pkgsrc/mail/roundcube-plugin-zipdownload/distinfo:1.7 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo:1.7.4.1
--- pkgsrc/mail/roundcube-plugin-zipdownload/distinfo:1.7       Thu Nov  9 01:13:11 2017
+++ pkgsrc/mail/roundcube-plugin-zipdownload/distinfo   Sun May  6 08:40:13 2018
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.7 2017/11/09 01:13:11 taca Exp $
+$NetBSD: distinfo,v 1.7.4.1 2018/05/06 08:40:13 spz Exp $
 
-SHA1 (roundcubemail-1.2.7.tar.gz) = b5aa5303e0e940da2117802c7ffd22dc265c4699
-RMD160 (roundcubemail-1.2.7.tar.gz) = 7d24ca42391a62d494b0615e92203596f5573761
-SHA512 (roundcubemail-1.2.7.tar.gz) = ef8058e004a89cb83119972e7fd765920c7cfe8e5157c305b782cda1fead1a01335f5182b45930e409a070aadcf440635b9dc7c41df215d904cbaea0a0ed4191
-Size (roundcubemail-1.2.7.tar.gz) = 3539187 bytes
+SHA1 (roundcubemail-1.2.8.tar.gz) = cb804e99caaef0f53f49558a94e05f2eb47c9548
+RMD160 (roundcubemail-1.2.8.tar.gz) = 8c45095f24bf89ab2842439fae986dde32c1f979
+SHA512 (roundcubemail-1.2.8.tar.gz) = 1686020ecaac947b31dc69499d4eb80be2622b32e59f8918171cd88be23bedcb159b3e71574b28ec9e0e3a7b33326a2713a873d77cceaf11dbcf279b2f906b4c
+Size (roundcubemail-1.2.8.tar.gz) = 3538739 bytes
Home | Main Index | Thread Index | Old Index