mail/roundcube: update to 1.6.3

From release announce:

We just published a security update to the version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
plain text messages, reported by Niraj Shivtarkar.  See the full changelog
in the release notes in the release notes on the Github download page.

We strongly recommend to update all productive installations of Roundcube
1.6.x with this new version.


1.6.3 (2023-09-15)

* Fix bug where installto.sh/update.sh scripts were removing some essential
  options from the config file (#9051)

* Update jQuery-UI to version 1.13.2 (#9041)

* Fix regression that broke use_secure_urls feature (#9052)

* Fix potential PHP fatal error when opening a message with message/rfc822
  part (#8953)

* Fix bug where a duplicate `<title>` tag in HTML email could cause some
  parts being cut off (#9029)

* Fix bug where a list of folders could have been sorted incorrectly (#9057)

* Fix regression where LDAP addressbook 'filter' option was ignored (#9061)

* Fix wrong order of a multi-folder search result when sorting by size
  (#9065)

* Fix so install/update scripts do not require PEAR (#9037)

* Fix regression where some mail parts could have been decoded incorrectly,
  or not at all (#9096)

* Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to
  non-binary FETCH (#9097)

* Fix PHP8 deprecation warning in the reconnect plugin (#9083)

* Fix "Show source" on mobile with x_frame_options = deny (#9084)

* Fix various PHP warnings (#9098)

* Fix deprecated use of ldap_connect() in password's ldap_simple driver
  (#9060)

* Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
  plain text messages
This commit is contained in:
taca 2023-09-18 03:39:02 +00:00
parent dd5330e660
commit 21945b9faa
8 changed files with 18 additions and 22 deletions

View File

@ -1,10 +1,9 @@
# $NetBSD: Makefile,v 1.15 2023/08/14 05:24:48 wiz Exp $
# $NetBSD: Makefile,v 1.16 2023/09/18 03:39:02 taca Exp $
PLUGIN= enigma
MAINTAINER= taca@NetBSD.org
COMMENT= Enigma Plugin for Roundcube
PKGREVISION= 1
LICENSE= gnu-gpl-v3
DEPENDS+= ${PHP_PKG_PREFIX}-pear-Crypt_GPG>=1.4.3:../../security/pear-Crypt_GPG

View File

@ -1,10 +1,9 @@
# $NetBSD: Makefile,v 1.21 2023/08/14 05:24:48 wiz Exp $
# $NetBSD: Makefile,v 1.22 2023/09/18 03:39:03 taca Exp $
PLUGIN= password
MAINTAINER= taca@NetBSD.org
COMMENT= Password change plugin for roundcube
PKGREVISION= 2
LICENSE= gnu-gpl-v3
DEPENDS+= tcl-expect>=5.32.1:../../lang/tcl-expect

View File

@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.32 2023/07/07 12:57:21 taca Exp $
$NetBSD: distinfo,v 1.33 2023/09/18 03:39:03 taca Exp $
BLAKE2s (roundcubemail-1.6.2-complete.tar.gz) = 91400b528de68ebca896960e72280c9bcc19dac8578602e288c0d703dba26c42
SHA512 (roundcubemail-1.6.2-complete.tar.gz) = 1889548dbe9913555cec4115137157de9daf5e2cca9e4004fb19c8ddebd3081cce32b6d8634891341c890379c4f9e35a5c705739f24b0b3b93fc31449f090297
Size (roundcubemail-1.6.2-complete.tar.gz) = 6004046 bytes
BLAKE2s (roundcubemail-1.6.3-complete.tar.gz) = 6874a24ed9ad198c2bd50e5de93ec782adad8a388d441a2348bee1f1529acae6
SHA512 (roundcubemail-1.6.3-complete.tar.gz) = 9a44a898f8ed9a338f126af19b572b61a7b108412be5f0c445f6ff3d84636a1487cc594347629a757e2fa18fdfa2881c3dd373e2431132a906799992c935b548
Size (roundcubemail-1.6.3-complete.tar.gz) = 6026670 bytes
SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165

View File

@ -1,10 +1,9 @@
# $NetBSD: Makefile,v 1.12 2023/08/14 05:24:48 wiz Exp $
# $NetBSD: Makefile,v 1.13 2023/09/18 03:39:03 taca Exp $
PLUGIN= zipdownload
MAINTAINER= taca@NetBSD.org
COMMENT= Roundcube Webmail ZipDownload plugin
PKGREVISION= 1
LICENSE= gnu-gpl-v3
DEPENDS+= ${PHP_PKG_PREFIX}-zip>=5.4.0:../../archivers/php-zip

View File

@ -1,8 +1,7 @@
# $NetBSD: Makefile,v 1.98 2023/07/27 08:18:00 abs Exp $
# $NetBSD: Makefile,v 1.99 2023/09/18 03:39:02 taca Exp $
DISTNAME= roundcubemail-${RC_VERS}
PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/mail-/-/:S/-complete//}
PKGREVISION= 1
MAINTAINER= taca@NetBSD.org
COMMENT= Browser-based multilingual IMAP client

View File

@ -1,4 +1,4 @@
# $NetBSD: Makefile.common,v 1.30 2023/07/07 12:57:21 taca Exp $
# $NetBSD: Makefile.common,v 1.31 2023/09/18 03:39:02 taca Exp $
#
# used by mail/roundcube/Makefile
# used by mail/roundcube/plugins.mk
@ -10,7 +10,7 @@ GITHUB_PROJECT= roundcubemail
GITHUB_RELEASE= ${RC_VERS}
HOMEPAGE= https://roundcube.net/
RC_VERS= 1.6.2
RC_VERS= 1.6.3
USE_LANGUAGES= # none
USE_TOOLS+= pax

View File

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.54 2023/07/27 08:18:00 abs Exp $
@comment $NetBSD: PLIST,v 1.55 2023/09/18 03:39:02 taca Exp $
share/doc/roundcube/CHANGELOG.md
share/doc/roundcube/INSTALL
share/doc/roundcube/LICENSE
@ -1921,6 +1921,9 @@ share/roundcube/program/localization/tr_TR/messages.inc
share/roundcube/program/localization/tr_TR/timezones.inc
share/roundcube/program/localization/tzl/labels.inc
share/roundcube/program/localization/tzl/messages.inc
share/roundcube/program/localization/ug/labels.inc
share/roundcube/program/localization/ug/messages.inc
share/roundcube/program/localization/ug/timezones.inc
share/roundcube/program/localization/uk_UA/labels.inc
share/roundcube/program/localization/uk_UA/messages.inc
share/roundcube/program/localization/ur_PK/labels.inc
@ -2183,9 +2186,6 @@ share/roundcube/vendor/guzzlehttp/promises/src/RejectionException.php
share/roundcube/vendor/guzzlehttp/promises/src/TaskQueue.php
share/roundcube/vendor/guzzlehttp/promises/src/TaskQueueInterface.php
share/roundcube/vendor/guzzlehttp/promises/src/Utils.php
share/roundcube/vendor/guzzlehttp/promises/vendor-bin/php-cs-fixer/composer.json
share/roundcube/vendor/guzzlehttp/promises/vendor-bin/phpstan/composer.json
share/roundcube/vendor/guzzlehttp/promises/vendor-bin/psalm/composer.json
share/roundcube/vendor/guzzlehttp/psr7/CHANGELOG.md
share/roundcube/vendor/guzzlehttp/psr7/LICENSE
share/roundcube/vendor/guzzlehttp/psr7/README.md

View File

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.84 2023/07/07 12:57:21 taca Exp $
$NetBSD: distinfo,v 1.85 2023/09/18 03:39:02 taca Exp $
BLAKE2s (roundcubemail-1.6.2-complete.tar.gz) = 91400b528de68ebca896960e72280c9bcc19dac8578602e288c0d703dba26c42
SHA512 (roundcubemail-1.6.2-complete.tar.gz) = 1889548dbe9913555cec4115137157de9daf5e2cca9e4004fb19c8ddebd3081cce32b6d8634891341c890379c4f9e35a5c705739f24b0b3b93fc31449f090297
Size (roundcubemail-1.6.2-complete.tar.gz) = 6004046 bytes
BLAKE2s (roundcubemail-1.6.3-complete.tar.gz) = 6874a24ed9ad198c2bd50e5de93ec782adad8a388d441a2348bee1f1529acae6
SHA512 (roundcubemail-1.6.3-complete.tar.gz) = 9a44a898f8ed9a338f126af19b572b61a7b108412be5f0c445f6ff3d84636a1487cc594347629a757e2fa18fdfa2881c3dd373e2431132a906799992c935b548
Size (roundcubemail-1.6.3-complete.tar.gz) = 6026670 bytes
SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = b1e9479d575b7fd61c413e2b76ee36c06ece7a5c