Update to 1.2.0 release.

Alex Dupre 2016-06-10 07:09:56 +00:00
parent 0ad4c3e037
commit 64319ea36c
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=416656
11 changed files with 155 additions and 147 deletions


@ -1,8 +1,7 @@
# $FreeBSD$ # $FreeBSD$
PORTNAME= roundcube PORTNAME= roundcube
DISTVERSION= 1.1.5 DISTVERSION= 1.2.0
PORTREVISION= 1
PORTEPOCH= 1 PORTEPOCH= 1
CATEGORIES?= mail www CATEGORIES?= mail www
MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/ MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/
@ -24,10 +23,10 @@ CPE_PRODUCT= webmail
CPE_VENDOR= roundcube CPE_VENDOR= roundcube
WANT_PHP_WEB= yes WANT_PHP_WEB= yes
USE_PHP= pcre mbstring session iconv dom xml json intl zip filter USE_PHP= pcre mbstring session iconv dom xml json intl zip filter openssl fileinfo exif
IGNORE_WITH_PHP=70 IGNORE_WITH_PHP=70
OPTIONS_DEFINE= SSL LDAP GD PSPELL NSC DOCS OPTIONS_DEFINE= LDAP GD PSPELL NSC DOCS
OPTIONS_SINGLE= DB OPTIONS_SINGLE= DB
OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE
OPTIONS_DEFAULT=MYSQL OPTIONS_DEFAULT=MYSQL
@ -35,7 +34,6 @@ OPTIONS_DEFAULT=MYSQL
MYSQL_DESC= Use MySQL backend MYSQL_DESC= Use MySQL backend
PGSQL_DESC= Use PostgreSQL backend PGSQL_DESC= Use PostgreSQL backend
SQLITE_DESC= Use SQLite backend SQLITE_DESC= Use SQLite backend
SSL_DESC= Enable SSL support (imaps or google spellcheck)
LDAP_DESC= Enable LDAP support (address book) LDAP_DESC= Enable LDAP support (address book)
GD_DESC= Enable GD support (image conversion) GD_DESC= Enable GD support (image conversion)
PSPELL_DESC= Enable PSpell support (internal spellcheck) PSPELL_DESC= Enable PSpell support (internal spellcheck)
@ -55,10 +53,6 @@ USE_PHP+= pdo_pgsql
USE_PHP+= pdo_sqlite USE_PHP+= pdo_sqlite
.endif .endif
.if ${PORT_OPTIONS:MSSL}
USE_PHP+= openssl
.endif
.if ${PORT_OPTIONS:MLDAP} .if ${PORT_OPTIONS:MLDAP}
USE_PHP+= ldap USE_PHP+= ldap
.endif .endif


@ -1,2 +1,3 @@
SHA256 (roundcubemail-1.1.5-complete.tar.gz) = 476a1d45b0592b2ad43e3e08cbc72e69ef31e33ed8a8f071f02e5a1ae3e7f334 TIMESTAMP = 1465476478
SIZE (roundcubemail-1.1.5-complete.tar.gz) = 4581781 SHA256 (roundcubemail-1.2.0-complete.tar.gz) = 574895da03b5ad78eaf0843a78e0c0ab734a9327b4ba47b72405b768cb2854cc
SIZE (roundcubemail-1.2.0-complete.tar.gz) = 3748290


@ -1,19 +0,0 @@
commit 6652367d656de7e5f404935be04e10aa281add53
Author: Aleksander Machniak <alec@alec.pl>
Date: Fri May 6 08:28:15 2016 +0200
Fix XSS issue in href attribute on area tag (#5240, #5241)
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 5938d9b..d03f04a 100644
--- program/lib/Roundcube/rcube_washtml.php
+++ program/lib/Roundcube/rcube_washtml.php
@@ -370,7 +370,7 @@ class rcube_washtml
*/
private function is_link_attribute($tag, $attr)
{
- return $tag == 'a' && $attr == 'href';
+ return ($tag == 'a' || $tag == 'area') && $attr == 'href';
}
/**


@ -1,6 +1,6 @@
--- INSTALL.orig 2015-02-08 13:43:29.000000000 +0000 --- INSTALL.orig 2016-05-22 11:06:47 UTC
+++ INSTALL 2015-02-19 12:22:34.259436291 +0000 +++ INSTALL
@@ -29,7 +29,6 @@ @@ -29,7 +29,6 @@ REQUIREMENTS
- memory_limit > 16MB (increase as suitable to support large attachments) - memory_limit > 16MB (increase as suitable to support large attachments)
- file_uploads enabled (for attachment upload features) - file_uploads enabled (for attachment upload features)
- session.auto_start disabled - session.auto_start disabled


@ -1,7 +1,7 @@
--- config/defaults.inc.php.orig 2014-04-06 14:13:09.000000000 +0000 --- config/defaults.inc.php.orig 2016-05-22 11:06:45 UTC
+++ config/defaults.inc.php 2014-04-10 09:08:58.242144399 +0000 +++ config/defaults.inc.php
@@ -596,8 +596,8 @@ @@ -717,8 +717,8 @@ $config['spellcheck_dictionary'] = false
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri' // You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
$config['spellcheck_engine'] = 'googie'; $config['spellcheck_engine'] = 'googie';
-// For locally installed Nox Spell Server or After the Deadline services, -// For locally installed Nox Spell Server or After the Deadline services,


@ -1,8 +1,8 @@
--- installer/check.php.orig 2012-08-06 18:18:13.000000000 +0200 --- installer/check.php.orig 2016-05-22 11:06:45 UTC
+++ installer/check.php 2012-08-13 12:36:52.000000000 +0200 +++ installer/check.php
@@ -39,7 +39,6 @@ @@ -43,7 +43,6 @@ $ini_checks = array(
'file_uploads' => 1,
'session.auto_start' => 0, 'session.auto_start' => 0,
'zend.ze1_compatibility_mode' => 0,
'mbstring.func_overload' => 0, 'mbstring.func_overload' => 0,
- 'suhosin.session.encrypt' => 0, - 'suhosin.session.encrypt' => 0,
'magic_quotes_runtime' => 0, 'magic_quotes_runtime' => 0,


@ -1,6 +1,6 @@
--- program/lib/Roundcube/bootstrap.php.orig 2014-07-07 18:18:50.261368902 +0000 --- program/lib/Roundcube/bootstrap.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/bootstrap.php 2014-07-07 18:18:58.202127091 +0000 +++ program/lib/Roundcube/bootstrap.php
@@ -38,7 +38,6 @@ @@ -37,7 +37,6 @@ $config = array(
// check these additional ini settings if not called via CLI // check these additional ini settings if not called via CLI
if (php_sapi_name() != 'cli') { if (php_sapi_name() != 'cli') {
$config += array( $config += array(


@ -1,6 +1,6 @@
--- program/lib/Roundcube/rcube_message.php.orig 2010-11-26 13:41:16.000000000 +0100 --- program/lib/Roundcube/rcube_message.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/rcube_message.php 2010-12-13 17:20:59.000000000 +0100 +++ program/lib/Roundcube/rcube_message.php
@@ -452,9 +452,7 @@ @@ -766,9 +766,7 @@ class rcube_message
} }
// part is a file/attachment // part is a file/attachment
else if (preg_match('/^(inline|attach)/', $mail_part->disposition) || else if (preg_match('/^(inline|attach)/', $mail_part->disposition) ||


@ -1,73 +1,30 @@
--- program/lib/Roundcube/rcube_session.php.orig 2015-09-22 15:24:26.400132239 +0000 --- program/lib/Roundcube/rcube_session.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/rcube_session.php 2015-09-22 15:24:08.430133455 +0000 +++ program/lib/Roundcube/rcube_session.php
@@ -35,7 +35,6 @@ @@ -39,7 +39,6 @@ abstract class rcube_session
private $time_diff = 0; protected $time_diff = 0;
private $reloaded = false; protected $reloaded = false;
private $appends = array(); protected $appends = array();
- private $unsets = array(); - protected $unsets = array();
private $gc_handlers = array(); protected $gc_enabled = 0;
private $cookiename = 'roundcube_sessauth'; protected $gc_handlers = array();
private $vars; protected $cookiename = 'roundcube_sessauth';
@@ -46,6 +45,7 @@ @@ -158,7 +157,7 @@ abstract class rcube_session
private $logging = false;
private $storage;
private $memcache;
+ private $need_base64 = false;
/** // if there are cached vars, update store, else insert new data
* Blocks session data from being written to database. if ($oldvars) {
@@ -95,6 +95,9 @@
else if ($this->storage != 'php') {
ini_set('session.serialize_handler', 'php');
+ if (ini_get("suhosin.session.encrypt") !== "1")
+ $this->need_base64 = true;
+
// set custom functions for PHP session management
session_set_save_handler(
array($this, 'open'),
@@ -192,7 +195,7 @@
$this->time_diff = time() - strtotime($sql_arr['ts']);
$this->changed = strtotime($sql_arr['changed']);
$this->ip = $sql_arr['ip'];
- $this->vars = base64_decode($sql_arr['vars']);
+ $this->vars = $this->_decode($sql_arr['vars']);
$this->key = $key;
return !empty($this->vars) ? (string) $this->vars : '';
@@ -232,12 +235,12 @@
}
if ($oldvars !== null) {
- $newvars = $this->_fixvars($vars, $oldvars); - $newvars = $this->_fixvars($vars, $oldvars);
+ $newvars = $vars; + $newvars = $vars);
return $this->update($key, $newvars, $oldvars);
if ($newvars !== $oldvars) {
$this->db->query("UPDATE {$this->table_name} "
. "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
- base64_encode($newvars), $key);
+ $this->_encode($newvars), $key);
}
else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
$this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
@@ -248,44 +251,30 @@
$this->db->query("INSERT INTO {$this->table_name}"
. " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
. " VALUES (?, ?, ?, $now, $now)",
- $key, base64_encode($vars), (string)$this->ip);
+ $key, $this->_encode($vars), (string)$this->ip);
} }
else {
return true; @@ -180,39 +179,6 @@ abstract class rcube_session
} }
/**
- /**
- * Merge vars with old vars and apply unsets - * Merge vars with old vars and apply unsets
- */ - */
- private function _fixvars($vars, $oldvars) - protected function _fixvars($vars, $oldvars)
+ private function _encode($vars) - {
{
- if ($oldvars !== null) { - if ($oldvars !== null) {
- $a_oldvars = $this->unserialize($oldvars); - $a_oldvars = $this->unserialize($oldvars);
- if (is_array($a_oldvars)) { - if (is_array($a_oldvars)) {
@ -90,36 +47,29 @@
- else { - else {
- $newvars = $vars; - $newvars = $vars;
- } - }
+ if ($this->need_base64) { - }
+ return base64_encode($vars); -
+ } else {
+ return $vars;
}
+ }
- $this->unsets = array(); - $this->unsets = array();
- return $newvars; - return $newvars;
+ - }
+ private function _decode($vars) -
+ { - /**
+ if ($this->need_base64) { * Execute registered garbage collector routines
+ return base64_decode($vars); */
+ } else { public function gc($maxlifetime)
+ return $vars; @@ -321,11 +287,6 @@ abstract class rcube_session
+ } }
$this->appends[] = $path;
-
- // when overwriting a previously unset variable
- if ($this->unsets[$path]) {
- unset($this->unsets[$path]);
- }
} }
/**
@@ -350,7 +339,7 @@ @@ -340,8 +301,6 @@ abstract class rcube_session
else // else read data again
$oldvars = $this->mc_read($key);
- $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars;
+ $newvars = $vars;
if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
@@ -488,8 +477,6 @@
return $this->destroy(session_id()); return $this->destroy(session_id());
} }
@ -128,3 +78,25 @@
if (isset($_SESSION[$var])) { if (isset($_SESSION[$var])) {
unset($_SESSION[$var]); unset($_SESSION[$var]);
} }
@@ -387,21 +346,6 @@ abstract class rcube_session
if ($data) {
session_decode($data);
-
- // apply appends and unsets to reloaded data
- $_SESSION = array_merge_recursive($_SESSION, $merge_data);
-
- foreach ((array)$this->unsets as $var) {
- if (isset($_SESSION[$var])) {
- unset($_SESSION[$var]);
- }
- else {
- $path = explode('.', $var);
- $k = array_pop($path);
- $node = &$this->get_node($path, $_SESSION);
- unset($node[$k]);
- }
- }
}
}
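Review bot: The regenerated patch's added line `$newvars = $vars);`, in the hunk that drops the `_fixvars()` call, has an unbalanced closing parenthesis, so the patched rcube_session.php would fail to parse; it should read `$newvars = $vars;` as the previous revision of this patch did. Because `rcube_session` is the abstract base class that `rcube_session_db` extends, a parse error here would presumably break session handling for every storage backend rather than one driver. Separately, the patch still strips the `_fixvars()` merge and the `unsets` bookkeeping, so overlapping requests appear to store their session data without reconciling it against what is already saved. A short comment at the top of the patch file explaining why the port deviates from upstream here would help whoever refreshes it next.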


@ -0,0 +1,71 @@
--- program/lib/Roundcube/rcube_session_db.php.orig 2016-05-22 11:06:47 UTC
+++ program/lib/Roundcube/rcube_session_db.php
@@ -32,6 +32,7 @@ class rcube_session_db extends rcube_ses
{
private $db;
private $table_name;
+ private $need_base64;
/**
* @param Object $config
@@ -39,6 +40,9 @@ class rcube_session_db extends rcube_ses
public function __construct($config)
{
parent::__construct($config);
+
+ // base64 encode if suhosin is not enabled
+ $this->need_base64 = ini_get("suhosin.session.encrypt") !== "1";
// get db instance
$this->db = rcube::get_instance()->get_dbh();
@@ -103,7 +107,7 @@ class rcube_session_db extends rcube_ses
$this->time_diff = time() - strtotime($sql_arr['ts']);
$this->changed = strtotime($sql_arr['changed']);
$this->ip = $sql_arr['ip'];
- $this->vars = base64_decode($sql_arr['vars']);
+ $this->vars = $this->_decode($sql_arr['vars']);
$this->key = $key;
return !empty($this->vars) ? (string) $this->vars : '';
@@ -126,7 +130,7 @@ class rcube_session_db extends rcube_ses
$this->db->query("INSERT INTO {$this->table_name}"
. " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
. " VALUES (?, ?, ?, $now, $now)",
- $key, base64_encode($vars), (string)$this->ip);
+ $key, $this->_encode($vars), (string)$this->ip);
return true;
}
@@ -150,7 +154,7 @@ class rcube_session_db extends rcube_ses
if ($newvars !== $oldvars) {
$this->db->query("UPDATE {$this->table_name} "
. "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
- base64_encode($newvars), $key);
+ $this->_encode($newvars), $key);
}
else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
$this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
@@ -173,4 +177,23 @@ class rcube_session_db extends rcube_ses
. date('Y-m-d H:i:s', time() - $this->gc_enabled)
. '; rows = ' . intval($this->db->affected_rows()));
}
+
+ private function _encode($vars)
+ {
+ if ($this->need_base64) {
+ return base64_encode($vars);
+ } else {
+ return $vars;
+ }
+ }
+
+ private function _decode($vars)
+ {
+ if ($this->need_base64) {
+ return base64_decode($vars);
+ } else {
+ return $vars;
+ }
+ }
+
}
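Review bot: `_decode()` assumes every stored row was written under the `suhosin.session.encrypt` value that is in effect now, because `need_base64` is computed once in the constructor from `ini_get()` and nothing in the row records whether it is base64 or raw. If the setting changes while rows exist, the non-strict `base64_decode($vars)` silently returns garbage for raw rows (and raw base64 text is passed through unchanged in the other direction), and the read path then returns that string as session data. Consider `base64_decode($vars, true)` with a `false` result treated as an empty session, plus a docblock on `_encode()`/`_decode()` stating that they must stay symmetric with the constructor's check. The comparison `!== "1"` presumably depends on how the directive's value is reported by `ini_get()`, so it is worth confirming that an enabled setting always comes back as `"1"`.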


@ -1,11 +0,0 @@
--- vendor/pear-pear.php.net/Net_Sieve/Net/Sieve.php.orig 2016-03-01 14:32:07 UTC
+++ vendor/pear-pear.php.net/Net_Sieve/Net/Sieve.php
@@ -229,7 +229,7 @@ class Net_Sieve
$this->_sock = new Net_Socket();
$this->_bypassAuth = $bypassAuth;
$this->_useTLS = $useTLS;
- $this->_options = $options;
+ $this->_options = (array)$options;
$this->setDebug($debug, $handler);
/* Try to include the Auth_SASL package. If the package is not