kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update to 1.2.0 release.

Browse source
This commit is contained in:
Alex Dupre 2016-06-10 07:09:56 +00:00
parent 0ad4c3e037
commit 64319ea36c
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=416656
11 changed files with 155 additions and 147 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
mail/roundcube/Makefile
View file

@ -1,8 +1,7 @@
# $FreeBSD$
PORTNAME= roundcube
DISTVERSION= 1.1.5
PORTREVISION= 1
DISTVERSION= 1.2.0
PORTEPOCH= 1
CATEGORIES?= mail www
MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/
@ -24,10 +23,10 @@ CPE_PRODUCT= webmail
CPE_VENDOR= roundcube
WANT_PHP_WEB= yes
USE_PHP= pcre mbstring session iconv dom xml json intl zip filter
USE_PHP= pcre mbstring session iconv dom xml json intl zip filter openssl fileinfo exif
IGNORE_WITH_PHP=70
OPTIONS_DEFINE= SSL LDAP GD PSPELL NSC DOCS
OPTIONS_DEFINE= LDAP GD PSPELL NSC DOCS
OPTIONS_SINGLE= DB
OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE
OPTIONS_DEFAULT=MYSQL
@ -35,7 +34,6 @@ OPTIONS_DEFAULT=MYSQL
MYSQL_DESC= Use MySQL backend
PGSQL_DESC= Use PostgreSQL backend
SQLITE_DESC= Use SQLite backend
SSL_DESC= Enable SSL support (imaps or google spellcheck)
LDAP_DESC= Enable LDAP support (address book)
GD_DESC= Enable GD support (image conversion)
PSPELL_DESC= Enable PSpell support (internal spellcheck)
@ -55,10 +53,6 @@ USE_PHP+= pdo_pgsql
USE_PHP+= pdo_sqlite
.endif
.if ${PORT_OPTIONS:MSSL}
USE_PHP+= openssl
.endif
.if ${PORT_OPTIONS:MLDAP}
USE_PHP+= ldap
.endif

5
mail/roundcube/distinfo
View file

@ -1,2 +1,3 @@
SHA256 (roundcubemail-1.1.5-complete.tar.gz) = 476a1d45b0592b2ad43e3e08cbc72e69ef31e33ed8a8f071f02e5a1ae3e7f334
SIZE (roundcubemail-1.1.5-complete.tar.gz) = 4581781
TIMESTAMP = 1465476478
SHA256 (roundcubemail-1.2.0-complete.tar.gz) = 574895da03b5ad78eaf0843a78e0c0ab734a9327b4ba47b72405b768cb2854cc
SIZE (roundcubemail-1.2.0-complete.tar.gz) = 3748290

19
mail/roundcube/files/patch-CVE-2016-5103
View file

@ -1,19 +0,0 @@
commit 6652367d656de7e5f404935be04e10aa281add53
Author: Aleksander Machniak <alec@alec.pl>
Date: Fri May 6 08:28:15 2016 +0200
Fix XSS issue in href attribute on area tag (#5240, #5241)
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 5938d9b..d03f04a 100644
--- program/lib/Roundcube/rcube_washtml.php
+++ program/lib/Roundcube/rcube_washtml.php
@@ -370,7 +370,7 @@ class rcube_washtml
*/
private function is_link_attribute($tag, $attr)
{
- return $tag == 'a' && $attr == 'href';
+ return ($tag == 'a' || $tag == 'area') && $attr == 'href';
}
/**

6
mail/roundcube/files/patch-INSTALL
View file

@ -1,6 +1,6 @@
--- INSTALL.orig 2015-02-08 13:43:29.000000000 +0000
+++ INSTALL 2015-02-19 12:22:34.259436291 +0000
@@ -29,7 +29,6 @@
--- INSTALL.orig 2016-05-22 11:06:47 UTC
+++ INSTALL
@@ -29,7 +29,6 @@ REQUIREMENTS
- memory_limit > 16MB (increase as suitable to support large attachments)
- file_uploads enabled (for attachment upload features)
- session.auto_start disabled

8
mail/roundcube/files/patch-config_defaults.inc.php
View file

@ -1,7 +1,7 @@
--- config/defaults.inc.php.orig 2014-04-06 14:13:09.000000000 +0000
+++ config/defaults.inc.php 2014-04-10 09:08:58.242144399 +0000
@@ -596,8 +596,8 @@
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
--- config/defaults.inc.php.orig 2016-05-22 11:06:45 UTC
+++ config/defaults.inc.php
@@ -717,8 +717,8 @@ $config['spellcheck_dictionary'] = false
// You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
$config['spellcheck_engine'] = 'googie';
-// For locally installed Nox Spell Server or After the Deadline services,

8
mail/roundcube/files/patch-installer_check.php
View file

@ -1,8 +1,8 @@
--- installer/check.php.orig 2012-08-06 18:18:13.000000000 +0200
+++ installer/check.php 2012-08-13 12:36:52.000000000 +0200
@@ -39,7 +39,6 @@
--- installer/check.php.orig 2016-05-22 11:06:45 UTC
+++ installer/check.php
@@ -43,7 +43,6 @@ $ini_checks = array(
'file_uploads' => 1,
'session.auto_start' => 0,
'zend.ze1_compatibility_mode' => 0,
'mbstring.func_overload' => 0,
- 'suhosin.session.encrypt' => 0,
'magic_quotes_runtime' => 0,

6
mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php
View file

@ -1,6 +1,6 @@
--- program/lib/Roundcube/bootstrap.php.orig 2014-07-07 18:18:50.261368902 +0000
+++ program/lib/Roundcube/bootstrap.php 2014-07-07 18:18:58.202127091 +0000
@@ -38,7 +38,6 @@
--- program/lib/Roundcube/bootstrap.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/bootstrap.php
@@ -37,7 +37,6 @@ $config = array(
// check these additional ini settings if not called via CLI
if (php_sapi_name() != 'cli') {
$config += array(

6
mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php
View file

@ -1,6 +1,6 @@
--- program/lib/Roundcube/rcube_message.php.orig 2010-11-26 13:41:16.000000000 +0100
+++ program/lib/Roundcube/rcube_message.php 2010-12-13 17:20:59.000000000 +0100
@@ -452,9 +452,7 @@
--- program/lib/Roundcube/rcube_message.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/rcube_message.php
@@ -766,9 +766,7 @@ class rcube_message
}
// part is a file/attachment
else if (preg_match('/^(inline|attach)/', $mail_part->disposition) ||

150
mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
View file

@ -1,73 +1,30 @@
--- program/lib/Roundcube/rcube_session.php.orig 2015-09-22 15:24:26.400132239 +0000
+++ program/lib/Roundcube/rcube_session.php 2015-09-22 15:24:08.430133455 +0000
@@ -35,7 +35,6 @@
private $time_diff = 0;
private $reloaded = false;
private $appends = array();
- private $unsets = array();
private $gc_handlers = array();
private $cookiename = 'roundcube_sessauth';
private $vars;
@@ -46,6 +45,7 @@
private $logging = false;
private $storage;
private $memcache;
+ private $need_base64 = false;
--- program/lib/Roundcube/rcube_session.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/rcube_session.php
@@ -39,7 +39,6 @@ abstract class rcube_session
protected $time_diff = 0;
protected $reloaded = false;
protected $appends = array();
- protected $unsets = array();
protected $gc_enabled = 0;
protected $gc_handlers = array();
protected $cookiename = 'roundcube_sessauth';
@@ -158,7 +157,7 @@ abstract class rcube_session
/**
* Blocks session data from being written to database.
@@ -95,6 +95,9 @@
else if ($this->storage != 'php') {
ini_set('session.serialize_handler', 'php');
+ if (ini_get("suhosin.session.encrypt") !== "1")
+ $this->need_base64 = true;
+
// set custom functions for PHP session management
session_set_save_handler(
array($this, 'open'),
@@ -192,7 +195,7 @@
$this->time_diff = time() - strtotime($sql_arr['ts']);
$this->changed = strtotime($sql_arr['changed']);
$this->ip = $sql_arr['ip'];
- $this->vars = base64_decode($sql_arr['vars']);
+ $this->vars = $this->_decode($sql_arr['vars']);
$this->key = $key;
return !empty($this->vars) ? (string) $this->vars : '';
@@ -232,12 +235,12 @@
}
if ($oldvars !== null) {
// if there are cached vars, update store, else insert new data
if ($oldvars) {
- $newvars = $this->_fixvars($vars, $oldvars);
+ $newvars = $vars;
if ($newvars !== $oldvars) {
$this->db->query("UPDATE {$this->table_name} "
. "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
- base64_encode($newvars), $key);
+ $this->_encode($newvars), $key);
}
else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
$this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
@@ -248,44 +251,30 @@
$this->db->query("INSERT INTO {$this->table_name}"
. " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
. " VALUES (?, ?, ?, $now, $now)",
- $key, base64_encode($vars), (string)$this->ip);
+ $key, $this->_encode($vars), (string)$this->ip);
+ $newvars = $vars);
return $this->update($key, $newvars, $oldvars);
}
return true;
else {
@@ -180,39 +179,6 @@ abstract class rcube_session
}
- /**
/**
- * Merge vars with old vars and apply unsets
- */
- private function _fixvars($vars, $oldvars)
+ private function _encode($vars)
{
- protected function _fixvars($vars, $oldvars)
- {
- if ($oldvars !== null) {
- $a_oldvars = $this->unserialize($oldvars);
- if (is_array($a_oldvars)) {
@ -90,36 +47,29 @@
- else {
- $newvars = $vars;
- }
+ if ($this->need_base64) {
+ return base64_encode($vars);
+ } else {
+ return $vars;
}
+ }
- }
-
- $this->unsets = array();
- return $newvars;
+
+ private function _decode($vars)
+ {
+ if ($this->need_base64) {
+ return base64_decode($vars);
+ } else {
+ return $vars;
+ }
- }
-
- /**
* Execute registered garbage collector routines
*/
public function gc($maxlifetime)
@@ -321,11 +287,6 @@ abstract class rcube_session
}
$this->appends[] = $path;
-
- // when overwriting a previously unset variable
- if ($this->unsets[$path]) {
- unset($this->unsets[$path]);
- }
}
@@ -350,7 +339,7 @@
else // else read data again
$oldvars = $this->mc_read($key);
- $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars;
+ $newvars = $vars;
if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
@@ -488,8 +477,6 @@
/**
@@ -340,8 +301,6 @@ abstract class rcube_session
return $this->destroy(session_id());
}
@ -128,3 +78,25 @@
if (isset($_SESSION[$var])) {
unset($_SESSION[$var]);
}
@@ -387,21 +346,6 @@ abstract class rcube_session
if ($data) {
session_decode($data);
-
- // apply appends and unsets to reloaded data
- $_SESSION = array_merge_recursive($_SESSION, $merge_data);
-
- foreach ((array)$this->unsets as $var) {
- if (isset($_SESSION[$var])) {
- unset($_SESSION[$var]);
- }
- else {
- $path = explode('.', $var);
- $k = array_pop($path);
- $node = &$this->get_node($path, $_SESSION);
- unset($node[$k]);
- }
- }
}
}

71
mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php Normal file
View file

@ -0,0 +1,71 @@
--- program/lib/Roundcube/rcube_session_db.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/rcube_session_db.php
@@ -32,6 +32,7 @@ class rcube_session_db extends rcube_ses
{
private $db;
private $table_name;
+ private $need_base64;
/**
* @param Object $config
@@ -39,6 +40,9 @@ class rcube_session_db extends rcube_ses
public function __construct($config)
{
parent::__construct($config);
+
+ // base64 encode if suhosin is not enabled
+ $this->need_base64 = ini_get("suhosin.session.encrypt") !== "1";
// get db instance
$this->db = rcube::get_instance()->get_dbh();
@@ -103,7 +107,7 @@ class rcube_session_db extends rcube_ses
$this->time_diff = time() - strtotime($sql_arr['ts']);
$this->changed = strtotime($sql_arr['changed']);
$this->ip = $sql_arr['ip'];
- $this->vars = base64_decode($sql_arr['vars']);
+ $this->vars = $this->_decode($sql_arr['vars']);
$this->key = $key;
return !empty($this->vars) ? (string) $this->vars : '';
@@ -126,7 +130,7 @@ class rcube_session_db extends rcube_ses
$this->db->query("INSERT INTO {$this->table_name}"
. " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
. " VALUES (?, ?, ?, $now, $now)",
- $key, base64_encode($vars), (string)$this->ip);
+ $key, $this->_encode($vars), (string)$this->ip);
return true;
}
@@ -150,7 +154,7 @@ class rcube_session_db extends rcube_ses
if ($newvars !== $oldvars) {
$this->db->query("UPDATE {$this->table_name} "
. "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
- base64_encode($newvars), $key);
+ $this->_encode($newvars), $key);
}
else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
$this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
@@ -173,4 +177,23 @@ class rcube_session_db extends rcube_ses
. date('Y-m-d H:i:s', time() - $this->gc_enabled)
. '; rows = ' . intval($this->db->affected_rows()));
}
+
+ private function _encode($vars)
+ {
+ if ($this->need_base64) {
+ return base64_encode($vars);
+ } else {
+ return $vars;
+ }
+ }
+
+ private function _decode($vars)
+ {
+ if ($this->need_base64) {
+ return base64_decode($vars);
+ } else {
+ return $vars;
+ }
+ }
+
}

11
mail/roundcube/files/patch-vendor_pear-pear.php.net_Net__Sieve_Net_Sieve.php
View file

@ -1,11 +0,0 @@
--- vendor/pear-pear.php.net/Net_Sieve/Net/Sieve.php.orig 2016-03-01 14:32:07 UTC
+++ vendor/pear-pear.php.net/Net_Sieve/Net/Sieve.php
@@ -229,7 +229,7 @@ class Net_Sieve
$this->_sock = new Net_Socket();
$this->_bypassAuth = $bypassAuth;
$this->_useTLS = $useTLS;
- $this->_options = $options;
+ $this->_options = (array)$options;
$this->setDebug($debug, $handler);
/* Try to include the Auth_SASL package. If the package is not