Commit graph

77 commits

Author SHA1 Message Date
adrianp
2ae6078ec7 Give up MAINTAINER 2009-07-17 18:00:13 +00:00
joerg
e031855e4a Convert @exec/@unexec to @pkgdir or drop it. 2009-06-14 22:00:14 +00:00
adrianp
2aaaefb717 The major changes compared to Horde version 3.3.2 are:
* SECURITY: Fix unescaped output in the tag cloud block
    * SECURITY: Fix unvalidated Horde_Image driver name
    * Restore backwards compatibility with older Kronolith and Whups
      releases
    * Fix problems with SQL Shares and PostgreSQL
    * Support Mozilla Sunbird snooze properties

The full list of changes (from version 3.3.2) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.492&r2=1.515.2.503&ty=h
2009-01-30 22:22:26 +00:00
adrianp
6368313d29 +pear-HTTP_Request
PKGREVISION++
2009-01-04 13:47:42 +00:00
adrianp
e834d5b7f4 Upgrade to 3.3.2:
------
v3.3.2
------

[mms] Fix prototypejs regression on IE (Bug #6590).


------
v3.3.1
------

[cjh] SECURITY: Add another check to the XSS filter.
[jan] Add script to import preferences from SquirrelMail database.
[cjh] Allow the password file Auth driver to require a specific group.
[cjh] Use YYYY-MM-DDTHH:MM:SS for Alarm date queries (Bug #7580).
[jan] Add XPath wrapper to Horde_DOM library.
[cjh] Don't use executeMultiple in the SQL Share driver when we might
      reset the connection in between queries (Bug #7542).
[jan] Fix database XML schema to create all lock table fields (Bug #7433).
[jan] Fix showing two sidebars after saving the display preference group for
      the first time (Bug #7475).
[jan] Fix sharing with LDAP groups (Bug #6883).
[jan] Add javascript event handler for access keys.
[cjh] Remove UNSIGNED from PostgreSQL scripts.
[cjh] Call preference hooks in the scope of the preference
      (vlukashov (at) parallels (dot) com, Bug #7445).
[jan] Fix resuming synchronization session on server farms
      (adrieder@sbox.tugraz.at, Bug #7394).
[jan] Fix synchronization of tasks with many items (adrieder@sbox.tugraz.at,
      Bug #7395).
[mms] Upgrade prototype.js to v1.6.0.3.
[jwm] Fix regression: SOAP wsdl/disco shouldn't require authorization.
2008-12-15 23:05:14 +00:00
adrianp
c75379e2ed Update to 3.3
----
v3.3
----

[jan] Fix synchronization issues with Blackberry clients (bug 6949).
[mms] Fix setting the horde user when using application authentication with
      realms (bug 6749).
[jan] Fix user name conversion with user hooks in the permissions interfaces
      (bug 6371).
[jan] Provide all settings for the read server in split SQL configuration
      (Request #7024).
[jan] Improve HTML to text filter.
[mjr] Hierarchical SQL Share driver now correctly removes all children when
      removing a share (Bug: 7347).
[mjr] Fix an issue with various date/time fields in horde form that was causing
      erroneous validation errors.
[cjh] Sign parameters to go.php with an HMAC based on a new secret key
      configuration value, to prevent using go.php as an open referrer.
[cjh] Make logout tokens only valid for a configurable length of time.


--------
v3.3-RC1
--------

[mms] Fix garbage collection handling on SQL session handler backends.
[mjr] Change MDB2 sequence names to 'id' in SQL share driver (bug 7240).
[cjh] When a URL is supplied for pass-through after logging in, go to that URL
      in mobile browsers instead of going to the mobile portal (bug 6332).
[mms] Memcache session handler no longer writes data with a lifetime.
[cjh] Add DIMP to the horde LDAP OIDs and hordePerson objectclass (bug 7243).
[mms] Update FCKeditor to v2.6.3.
[jan] Use global mailer configuration when sending alarm emails
      (adrieder@sbox.tugraz.at, bug 7058).
[jan] Reset background colors when resetting the category form (bug 7226).
[jan] Improve Funambol contacts support (Requests #7099, #7100).
[jan] Correctly parse GEO tags in vCard 2.1 data (bug 6563).
[jan] Remove Horde portal link from application menus (bug 7221).
[cjh] Create a driver for signups, allowing backends other than DataTree
      (Duck <duck@obala.net>, Request #7161).
[jan] Fix displaying images with the image form field.
[mjr] Fix issue with hierarchical SQL share driver that caused permissons to
      erroneously be denied when the share contained group permissions and was
      instantiated by a listShares call.
[mjr] Fix issue with hierarchical SQL share driver that caused any child shares
      to be orphaned when the parent share was moved in the hierarchy.
[mjr] Fix issue with SQL share drivers that was causing permission checks to
      fail under certain conditions by no longer explicitly storing owner
      permissions in the Perms backend.
[cjh] Fix overwriting a variable in the tableset_html VarRenderer
      (Paul Roy <proy@corom.ca>, bug 7120).
[mms] Fix MIME encoding when using the ISO-2022-JP charset (bug 1621).
[jan] Fix SQL Share driver not using the correct database when using different
      databases in Horde applications (bug 6997).
[cjh] Fix SQL portability in Share_sql driver (bug 7084).
[jan] Fix synchronizing large amounts of data split across several SyncML
      messages.
[jan] Add Basque translation (Euskal Herriko Unibertsitatea EHU/UPV
      <xabier.arrieta@ehu.es>).
[cjh] Fix Horde_Lock::getLockInfo (duck@obala.net, Bub #7046).
[cjh] Fix SQL portability in Group_sql driver (bug 7075).
[jan] Fix PAM authentication driver, but also mark it as deprecated (bug 6982).
[mjr] Fix issue with native SQL Share driver that caused filtering shares by
      attributes to fail.
[jan] Fix synchronization of event alarms with Funambol clients (bug 7003).
[jan] Correctly detect Funambol clients on Blackberry devices (bug 6995).
[mjr] Remove all user application permissions and group memberships from storage
      when removing the user from the system (Bug: 6999)
[cjh] Call the postauthenticate hook in Auth::setAuth(), and allow the
      postauthenticate hook to cause setAuth() to fail. Allows postauthenticate
      to fire on any event, including transparent authentication, that could
      result in a user being successfully logged in.
[jan] Improve attribute support and charset conversion in vCard viewer.
[jan] Show photos in vCard object if provided with an URL.
[mjr] Remove permissions from storage also when removing a share.
[jan] Add Horde_Form fields for string arrays and PGP and S/MIME keys.
[jan] Only show Add Permission icons in permissions interface where adding
      them is possible.
[mjr] Fix issue in Horde_Image that was causing erratic results when cropping
      images.
[jan] Fix validation of phone fields marked as required (bug 6948).
[mms] Fix quoting periods in display part of e-mail address (bug 6899).
[mms] Fix error checking when parsing an undisclosed recipients mail header
      and using an older version of PEAR::Mail (bug 6930).
[jan] Return to portal after editing or deleting blocks directly from there.
2008-10-12 12:00:52 +00:00
adrianp
09c15a9ba2 Update to 3.2.2
[jan] SECURITY: Fix unescaped output in the MIME attachment linking.
[jan] SECURITY: Add another check to the XSS filter.
2008-09-10 18:47:29 +00:00
adrianp
793cd9857a Add DEPENDS on a few new PEAR packages to fix PR 39102
PKGREVISION++
2008-07-08 21:14:18 +00:00
adrianp
c1b5b2b350 The major changes compared to the Horde version H3 (3.2.1) are:
* Escape item names in the object browser.
* Select db before queries in MySQL SessionHandler.
* Format messages sent through MIME_Mail in flowed text format.
* Fixes for SQL shares with split read/write databases, and  various fixes for hierarchical shares.
* Workaround broken IE behavior when downloading files with 8-bit  filenames.
* Fix storing of unlocked preferences set by hooks.
* Allow Horde memcache driver to use UNIX sockets.
* Fix parsing of addresses in headers when the RFC 2047-encoded personal part of the address contains address list delimiters.
* Fix generation of unique keys in configuration for machines too fast for microtime().
* Added group driver for Kolab.
* Added IMAP based preferences driver for Kolab.
* Fix missing timestamp variable in Horde SQL cache driver.
* Fix over-zealous preference caching when preferences are requested for a different user.
* Fix issue in Horde_Image that caused errors when performing  certain image operations immediately after an image had been cropped when using the ImageMagick driver.
The full list of changes (from version 3.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.392&r2=1.515.2.413&ty=h
2008-06-17 21:25:38 +00:00
adrianp
0cf3301791 Horde version 3.2 is a major upgrade in the 3.x release series, including these
enhancements:
* Stable synchronization support through integrated SyncML server.
* A new Alarm system that can send email alarms, generate popup or inline
  notifications, and play sounds for events in any Horde application.
* Support for separate read and write databases, and improved useability
  when the database is unavailable.
* Improved performance, through caching and native SQL drivers for shares,
  groups, and permissions; faster DataTree queries, and smarter use of
  session data.
* The administrator can disable users' ability to change permissions on
  their Shares.
* Two slick new themes, Tango Blue and Silver Surfer.
* WCAG 1.0 Priority 2/Section 508 accessibility guidelines compliance.
* Full Kolab webclient support.
* Improved JavaScript code including more caching, JSON support, new
  spell checking and color picking widgets, replacing htmlarea with xinha,
  and dynamic portal updates.
* Help is now searchable and has a tree view for easy organization and
  exploration of help topics.
* Wider memcache support and easier memcache configuration, including
  connection pooling and multiple memcache servers.
* A more complete WebDAV server.
* "Drop-in" configuration support for applications through
  config/registry.d/.
* Many additional hooks, for performing actions on preference value
  changes, and after loading an application.
* and much, much more.
2008-05-26 12:52:51 +00:00
joerg
3d8ef5a52d Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
2008-05-26 02:13:14 +00:00
adrianp
fc29e471e6 Bump to 3.1.7
Major changes compared to Horde 3.1.6 are:
    * Fix arbitrary file inclusion through abuse of the theme preference.
2008-03-08 17:36:53 +00:00
adrianp
f666c3d44e Major changes compared to Horde 3.1.5 are:
* Fixed privilege escalation in the Horde API.
* Improved XSS filtering.
* Fixed locked portal blocks.
* Further improved webroot detection.
* Updated Japanese translation.
2008-01-10 23:08:06 +00:00
adrianp
bffa4b6008 ------
v3.1.5
------

[cjh] Fix identity javascript when some fields are disabled
      (veikko@immonen@otaverkko.fi, Bug 5595).
[cjh] Disable the Turkish locale if using PHP 5 (see
      http://bugs.php.net/bug.php?id=35050).
[jan] Improved webroot detection (Request 4126).
[jan] Fix selecting the language on the login screen (Bug 5098).
[jan] Fix searching for single quotes in email headers (qa@cpanel.net, Bug
      4854).
[jan] Fix portal layouts with more than one horizontally expanded block per
      row.
2007-11-15 22:11:36 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
adrianp
a3300f2288 Update to 3.1.4
------
v3.1.4
------
[jan] SECURITY: Correctly quote file names in cleanup script for temporary
files.
[jan] Fix RPC authentication on CGI SAPIs.
[jan] Detect unencrypted PGP messages.

----------
v3.1.4-RC1
----------
[jan] SECURITY: Fix an XSS vulnerability in the language selection.
[jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas
<vilius@lnk.lt>, Request #4967).
[jan] Add option whether to strip domains from usernames in the account block
(Request #4955).
[jan] Fix email lists not being validated under certain conditions (Bug #4834).
[cjh] Add a REST-ful preferences interface.
[cjh] Faster DataTree-to-SQL History migration script
(josh@endries.org, Request #4732).
[cjh] Improved automatic webroot detection (Ben Klang, Request #4126).
[cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452).
[cjh] Allow signup hooks to override the user_name and password fields
(thomas@gelf.net, Request #2904).
[cjh] Fix creation of mailbox quotas by the Auth_cyrus driver
(pascal@vmfacility.fr, Bug #4678).
[cjh] Add "Save and Finish" to the share edit window (webmgr@muskingum.edu,
Request #4307).
[cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079).
[cjh] Add smbclient version of the SMB Auth class (larry@wimble.biz,
Request #4338).
[cjh] Remove problematic "data descriptor" segment from generated ZIP files
(reitsma@denison.edu, Bug #4670).
[cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667).
[jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652,
Ben Klang <ben@alkaloid.net>).
[jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377).
[cjh] Fix return format of DataTree_null::getByAttributes()
(thomas.jarosch@intra2net.com, Bug #4651).
[jan] Support departments in vCard's ORG properties (martin@matuska.org,
Request #4285).
[cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's
Auth_SASL (Bug #4547).
[cjh] Implement handling of vTimezones in iCalendar data
(Carl Thompson <lists-horde@carlthompson.net>, Bug #4399).
[cjh] keybindings.js now works with Safari/KHTML.
[jan] Avoid recursive folder creation when sharing Kolab folders
(michael.sheldon@credativ.de, Bug #4325).
[jan] Add Kolab specific account block driver to support special Kolab users
(mzizka@hotmail.com, Request: #4119).
[mms] Only dim below the last signature line of input text in the dimsignature
Text_Filter driver.
2007-03-18 12:24:13 +00:00
adrianp
dbdbd7b6fb Fix a PLIST bug pointed out by ghen@
Bump PKGREVISON
2006-08-20 10:10:59 +00:00
adrianp
161b5ec0f8 Update to 3.1.3
Major changes compared to Horde 3.1.2 are:
* Security Fixes
  - Closed an XSS problem in index.php and improved protection against
    phishing attempts.
* Bugfixes and improvements
  - Added Kolab group ACL support.
  - Improved import of date and time fields.
  - Fixed synchronization support.
  - Updated Catalan, German and Slovenian translations.

The full list of changes (from version 3.1.2) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.252&r2=1.515.2.261&ty=h
2006-08-17 20:15:40 +00:00
adrianp
98708b2cfd Update Makefile missed in 3.1.2 update 2006-07-13 20:42:21 +00:00
adrianp
2b24ae1102 Update to 3.1.2
Major changes compared to Horde 3.1.1 are:

* Security Fixes
- Closed XSS problems in dereferrer (IE only), help viewer and problem
  reporting screen.
- Removed unused image proxy code from dereferrer.

* Bugfixes and improvements
- Added configuration option to disable GET-based sessions.
- Added Oracle and generic SQL upgrade scripts.
- Improved default charset support.
- Improved API and RPC interface.
- Fixed the preference cache.

The full list of changes (from version 3.1.1) can be viewed here:
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.231&r2=1.515.2.252&ty=h
2006-07-13 20:41:51 +00:00
adrianp
07e89eed90 Bump to 3.1.1nb2 to address recent XSS issue (patches from Horde CVS) 2006-06-16 09:23:21 +00:00
joerg
337c6b1297 Rename all PHP 4 packages to php4-*, all PHP 5 packages to php5-*,
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.

OK from jlam@ and adrianp@.
2006-06-02 18:27:54 +00:00
adrianp
d91c0b105f Add PHP_VERSIONS_ACCEPTED=4 as this does not work with PHP5 (from joerg@) 2006-05-28 15:48:32 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
adrianp
eb53021ad2 Update horde to 2.2.9
From the CHANGES:
> Changes in this release:
>     * Fixed a potential XSS vulnerability.
2005-11-25 21:21:04 +00:00
jlam
bd2788d930 Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files.  Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
2005-08-19 18:12:36 +00:00
salo
378efa4d50 Bump PKGREVISION, DEPENDS changed. (hi bouyer!) 2005-06-02 23:26:41 +00:00
bouyer
1dea294ba2 Move pear-Mail dependancy from www/horde to mail/imp (horde itself doesn't
need it).
2005-06-02 09:13:44 +00:00
bouyer
65c30c2aa6 Add dependancy to pear-DB and pear-Mail, now that these aren't included
in php any more.
While here, change -* to -[0-9]* for the pear-Log dependancy.
2005-06-02 09:03:27 +00:00
salo
0c83cd4405 delint. 2005-05-15 21:39:07 +00:00
adrianp
e48d41c9d1 - Update horde to 2.2.8
Changes in this release:
    * Fixed two XSS vulnerabilities.
    * Updated German and Traditional Chinese translations.
2005-05-14 13:33:15 +00:00
minskim
ba0db2d1e8 Remove entries added by mistake. 2005-04-19 14:49:35 +00:00
minskim
c9cd1e5a11 Add missing files to PLIST. Bump PKGREVISION. 2005-04-19 14:39:42 +00:00
erh
0816803415 Mention where to get the most recent versions of imp and horde 2005-03-28 23:11:43 +00:00
wiz
809ad6f2f7 Add RMD160 checksums. 2005-02-24 14:08:26 +00:00
minskim
c225bbc716 Honor SHAREMODE. 2005-01-28 15:47:59 +00:00
adrianp
a180b10fba - Add CONFICTS for newly imported horde 3.x packages
- Fix bug with pear-Log DEPENDS statement
2005-01-16 21:13:37 +00:00
bouyer
e8b46e1940 Horde has a run-time dependancy on ../../sysutils/pear-Log 2005-01-10 16:25:27 +00:00
adam
f20238d20c Changes 2.2.7:
* Fixed potential XSS vulnerability in the help window
* Restored compatibility with PHP 4.1
* Fixed charset of Latvian translation
2004-11-09 16:23:02 +00:00
jdolecek
8b91b79ee5 update DEPENDS for change of php4-* packages to php-*; be optimistic and
leave the DEPENDS in a form which allows PHP 5.x to match, since it should
work just as well
2004-10-31 23:47:32 +00:00
wiz
76c76a00e0 Call INSTALL_DATA_DIR multiple times with only one argument,
instead of once with three, since Solaris' install -d doesn't handle that.
2004-04-04 10:40:19 +00:00
bouyer
f7fbec66f4 Update to 2.2.4, based on patch from Adrian Portelli in pkg/22629.
Changes since 2.2.4rc1:
[mdj] SECURITY: Add dereferer to strip off session information from links to
      the outside of the Horde system to protect against session hijacking.
[jan] Fix a bug with importing vCard 2.1 data.
[jan] Add Arabic (Syria) translation (Platinum Development Team
      <devteam@platinum-sy.net>).
2003-09-14 21:26:40 +00:00
erh
b494ad7737 Add a reminder that the php database modules need to be installed by hand,
since we don't know which database you'll be configuring horde for.
2003-09-04 03:26:04 +00:00
tron
712c0b2bcf Fix dependences broken by update of PHP to version 4.3.3. 2003-09-01 12:37:14 +00:00
bouyer
1a984c93d3 Update to horde-2.2.4rc1, to fix a security issue.
Changes since 2.2.1:
[mms] SECURITY: Add code to protect against session fixation issues.
[jan] Add Macedonian translation (Stojan Pesov <ssp@eureka.com.mk>).
[mir] Fix a bug that incorrectly quotes pref values (Bug #1224)
[cjh] Fix a bug that prevented logging.
[mms] DB session handlers do not use persistent connections by default.
[mms] Fix parse error in Horde_Cipher_BlockMode_ofb64::.
[mms] Optimization of Secret:: and Horde_Cipher:: drivers.
[jan] Add Catalan translation (Angels Guimerà <angels.Guimera@uab.es>).
[mms] Added a RADIUS Auth:: driver.
[mir] Added a Samba Auth:: driver.
[cjh] Added the Horde_Image:: class.
2003-08-16 21:07:17 +00:00
grant
ca3be631f2 s/netbsd.org/NetBSD.org/ 2003-07-17 22:50:55 +00:00
bouyer
0c6b709545 Update to 2.2.1.
Main changes since 2.0:
Add various translations
Add a preference to allow maintenance ops with no confirmation screen
Allow setting the number of columns in the summary screen as a user
      preference (Brian Keifer <brian@valinor.net>).
Make text, icon, or both menus a user preference
Add a Horde preferences screen, and a preference to refresh the summary
      screen.
Add text/enriched MIME_Viewer

See share/doc/horde/CHANGES for details.
2003-03-17 17:58:13 +00:00
mason
f17b2a4192 fix grammatical error 2003-03-14 20:41:30 +00:00
jlam
d7f69e47ce Instead of including bsd.pkg.install.mk directly in a package Makefile,
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES".  This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile.  Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
2003-01-28 22:03:00 +00:00