Update roundcube-plugin-enigma to 1.4.2.
pkgsrc change:
* Use common patches/distinfo directory with roundcube.
RELEASE 1.4.2
-------------
- Enigma: Add script to import keys from filesystem to the db storage (for multihost)
RELEASE 1.4.1
-------------
- Enigma: Fix bug where signing option was set to disabled after saving a draft in Elastic skin (#6515)
RELEASE 1.4-rc2
---------------
- Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326)
- Enigma: For verified signatures, display the user id associated with the sender address (#5958)
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
- Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838)
RELEASE 1.4-rc1
---------------
- Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524)
- Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file
- Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515)
RELEASE 1.4-beta
----------------
- Enigma: Add button to send mail unencrypted if no key was found (#5913)
- Enigma: Add options to set PGP cipher/digest algorithms (#5645)
- Enigma: Multi-host support
RELEASE 1.3.10
--------------
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
Update roundcube and related pacakges to 1.3.9.
RELEASE 1.3.9
-------------
- Fix TinyMCE download location (#6694)
- Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
- Fix handling of empty entries in vCard import (#6564)
- Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
- Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
- Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
- Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
- Fix missing CSRF token on a link to download too-big message part (#6621)
- Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)
- Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
Security fix for CVE-2017-16651.
RELEASE 1.2.7
-------------
- Fix rewind(): stream does not support seeking (#5950)
- Fix bug where HTML messages could have been rendered empty on some systems
(#5957)
- Fix (again) bug where image data URIs in css style were treated as
evil/remote in mail preview (#5580)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959)
- Fix file disclosure vulnerability caused by insufficient input validation
[CVE-2017-16651] (#6026)
pkgsrc changes:
* Add dependency to security/pear-Crypt_GPG.
other changes:
* Add eu_EU and sq_AL locale.
RELEASE 1.2.3
* Enigma: Fix bug where last records on keys list were hidden (#5461)
* Enigma: Fix key search with keyword containing non-ascii characters (#5459)
official roundcube.
Enigma Plugin for Roundcube
This plugin adds support for viewing and sending of signed and encrypted
messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format.
The plugin uses gpg binary on the server and stores all keys
(including private keys of the users) on the server.
Encryption/decryption is done server-side. So, this plugin
is for users that trust the server.
