From bd0e5a2bd9614d225410dc2dbe9643cdfae15364829804e8db7df5e7c0993090 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aeneas=20Jai=C3=9Fle?= Date: Wed, 5 Oct 2016 11:21:28 +0000 Subject: [PATCH] - Update to 1.2.2 [boo#1001856] - Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent) - Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371) - Enigma: Make recipient key searches case-insensitive (#5434) - Fix regression in resizing JPEG images with Imagick (#5376) - Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) - Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370) - Wash position:fixed style in HTML mail for better security (#5264) - Fix bug where memcache_debug didn't work for session operations - Fix bug where Message-ID domain part was tied to username instead of current identity (#5385) - Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content - Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401) - Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404) - Fix so "All" messages selection is resetted on search reset (#5413) - Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403) - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) - Fix PHP warning when handling shared namespace with empty prefix (#5420) - Fix so folders list is scrolled to the selected folder on page load (#5424) - Fix so when moving to Trash we make sure the folder exists (#5192) - Fix displaying size of attachments with zero size - Fix so "Action disabled" error uses more appropriate 404 code (#5440) OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=104 --- README.openSUSE | 7 +- roundcubemail-1.2.1.tar.gz | 3 - roundcubemail-1.2.2.tar.gz | 3 + roundcubemail-httpd.conf | 187 +++++++++++++++++++++---------------- roundcubemail.changes | 25 +++++ roundcubemail.spec | 4 +- 6 files changed, 143 insertions(+), 86 deletions(-) delete mode 100644 roundcubemail-1.2.1.tar.gz create mode 100644 roundcubemail-1.2.2.tar.gz diff --git a/README.openSUSE b/README.openSUSE index 36c0b5e..1f5b485 100644 --- a/README.openSUSE +++ b/README.openSUSE @@ -14,7 +14,7 @@ also use other SQL based database engines. After installation of the package the application will immediately be reachable from everywhere once Apache is enabled under the URL - http://IP-ADDRESS/roundcube + http://IP-ADDRESS/roundcubemail The configuration is copied from the example config files from the package and therefore not really working. @@ -37,8 +37,9 @@ Note 1: 'password' is the master password for the roundcube user. It is strongly recommended you replace this with a more secure password. Please keep in mind: You need to specify this password later in '/etc/roundcubemail/db.inc.php'. + To use the integrated web based installer you need to enable it first -in /etc/roundcubemail/main.inc.php: +in /etc/roundcubemail/config.inc.php: $rcmail_config['enable_installer'] = true; @@ -47,7 +48,7 @@ IMPORTANT: This MUST be disabled again after installation is finished and then access - http://IP-ADDRESS/roundcube/installer + http://IP-ADDRESS/roundcubemail/installer to finish the installation. diff --git a/roundcubemail-1.2.1.tar.gz b/roundcubemail-1.2.1.tar.gz deleted file mode 100644 index 1240a57..0000000 --- a/roundcubemail-1.2.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:05c0b17c8951db1d220f2f2186e6981545789da0d084a543e28a7d2511db8302 -size 3559023 diff --git a/roundcubemail-1.2.2.tar.gz b/roundcubemail-1.2.2.tar.gz new file mode 100644 index 0000000..6da8b20 --- /dev/null +++ b/roundcubemail-1.2.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6c647ed28ea0ae1b730a1784018b63884e65ed6036208e9c3a6ee62123fe856d +size 3562148 diff --git a/roundcubemail-httpd.conf b/roundcubemail-httpd.conf index 8cfd98f..5bf7fdd 100644 --- a/roundcubemail-httpd.conf +++ b/roundcubemail-httpd.conf @@ -9,14 +9,13 @@ - #Alias /roundcube __ROUNDCUBEPATH__ - Alias /roundcubemail __ROUNDCUBEPATH__ + Alias /roundcubemail "__ROUNDCUBEPATH__/public_html" # AddDefaultCharset UTF-8 AddType text/x-component .htc - + Order allow,deny @@ -37,8 +36,7 @@ AddType text/x-component .htc Allow from all - Options -Indexes +FollowSymLinks - + # WARNING: For PHP 7 the module name in the line below need to be modified! php_flag display_errors Off php_flag log_errors On @@ -52,10 +50,10 @@ AddType text/x-component .htc php_flag zlib.output_compression Off php_flag magic_quotes_gpc Off php_flag magic_quotes_runtime Off - php_flag zend.ze1_compatibility_mode Off php_flag suhosin.session.encrypt Off #php_value session.cookie_path / + #php_value session.hash_function sha256 php_flag session.auto_start Off php_value session.gc_maxlifetime 21600 php_value session.gc_divisor 500 @@ -63,6 +61,7 @@ AddType text/x-component .htc + Options +SymLinksIfOwnerMatch RewriteEngine On RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico @@ -83,6 +82,8 @@ AddType text/x-component .htc #Header merge Cache-Control public env=!NO_CACHE + # for better privacy/security ask browsers to not set the Referer + #Header set Content-Security-Policy "referrer no-referrer" @@ -91,35 +92,17 @@ AddType text/x-component .htc FileETag MTime Size + + + Options -Indexes + # # Special directories # - - - - Order deny,allow - Deny from all - - = 2.4> - - Require all denied - - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - - - + Options -FollowSymLinks AllowOverride None @@ -143,7 +126,29 @@ AddType text/x-component .htc - + + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + Options -FollowSymLinks AllowOverride None @@ -167,7 +172,7 @@ AddType text/x-component .htc - + Options -FollowSymLinks AllowOverride None @@ -190,61 +195,85 @@ AddType text/x-component .htc Deny from all - - - Options -FollowSymLinks - AllowOverride None - - - Order deny,allow - Deny from all - - = 2.4> - - Require all denied - - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - - - - - - Order deny,allow - Deny from all - - = 2.4> - - Require all denied - - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - - + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + RewriteEngine On RewriteRule !^js|.*\.gif$ - [F] - + Options -FollowSymLinks AllowOverride None diff --git a/roundcubemail.changes b/roundcubemail.changes index ad51563..1093c9f 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Sep 29 14:23:42 UTC 2016 - aj@ajaissle.de + +- Update to 1.2.2 [boo#1001856] + - Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent) + - Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371) + - Enigma: Make recipient key searches case-insensitive (#5434) + - Fix regression in resizing JPEG images with Imagick (#5376) + - Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) + - Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370) + - Wash position:fixed style in HTML mail for better security (#5264) + - Fix bug where memcache_debug didn't work for session operations + - Fix bug where Message-ID domain part was tied to username instead of current identity (#5385) + - Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content + - Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401) + - Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404) + - Fix so "All" messages selection is resetted on search reset (#5413) + - Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403) + - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) + - Fix PHP warning when handling shared namespace with empty prefix (#5420) + - Fix so folders list is scrolled to the selected folder on page load (#5424) + - Fix so when moving to Trash we make sure the folder exists (#5192) + - Fix displaying size of attachments with zero size + - Fix so "Action disabled" error uses more appropriate 404 code (#5440) + ------------------------------------------------------------------- Thu Aug 11 17:02:25 UTC 2016 - aj@ajaissle.de diff --git a/roundcubemail.spec b/roundcubemail.spec index 495ec09..86e57df 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec @@ -17,7 +17,7 @@ Name: roundcubemail -Version: 1.2.1 +Version: 1.2.2 Release: 0 Summary: A modern browser-based multilingual IMAP client License: GPL-3.0+ and GPL-2.0 and BSD-3-Clause @@ -123,6 +123,7 @@ mv program/lib/Roundcube %{buildroot}%{_datadir}/php5/Roundcube # install roundcubemail %{__install} -d -m 0755 %{buildroot}%{roundcubepath} cp -a * %{buildroot}%{roundcubepath}/ +%{__ln_s} %{roundcubepath}/installer %{buildroot}%{roundcubepath}/public_html/installer # install config mkdir -p %{buildroot}%{_sysconfdir}/%{name} @@ -281,6 +282,7 @@ exit 0 %{roundcubepath}/logs %ghost %{roundcubepath}/migrated/ %ghost %{roundcubepath}/migration/ +%{roundcubepath}/public_html/ %{roundcubepath}/plugins/ %{roundcubepath}/program/ %{roundcubepath}/skins/