diff --git a/roundcubemail-1.4.6-complete.tar.gz b/roundcubemail-1.4.6-complete.tar.gz
deleted file mode 100644
index 51a2c59..0000000
--- a/roundcubemail-1.4.6-complete.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55db5fae9f518e529aeb190166445bda3ceab94bf0277cbb03291bd0e4febd1b
-size 7031573
diff --git a/roundcubemail-1.4.6-complete.tar.gz.asc b/roundcubemail-1.4.6-complete.tar.gz.asc
deleted file mode 100644
index 98c4a06..0000000
--- a/roundcubemail-1.4.6-complete.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl7czK4THGRldnNAcm91
-bmRjdWJlLm5ldAAKCRDClGqWCc1WtHWoD/9JkBY67BWBmYSUw75nlsI4yx39o4hb
-Iw6OsrqWVtjgoxMr8JE3K0cwo9saHx7sNgXqD29ayFuqeIYTE8Gb2aexlesem5J8
-z+BDdnDaqrWqxwJkStFAe/trgF5itEuW+MpADIsV51sk6/pQ/vi9A6WvmuozFsqv
-giyE7YR23rx7Tqf0fM9sJcriGepZkyu5NjEqZT8G2UVf4ewKzyKHGZNtSyz7e9s0
-Bn55+1Ak8Y3GPtnre376BVzLzzAbYzs1aa9Zr+VsxONZXEtwTS0ZEqco89HkWihN
-mtLUimR0MeIoBIauVERUsOmHjVDmO6BWN/JiPu59xEho2ugIDvvI5/8SQF4Z386Q
-h0g7AU51ya2Jz9k0u7QJ0zL9eAM1JW+cZYPepcRa21p/MKIBozfIuil9b4UoBjLs
-VhUDR/KoZCbT9UqDKahgu/AqdBkxe4KcQYtn/LBvfKFLul6aKkTDToavG8MExZ8y
-grOWwNOmBVbdh5jYLsIKQ36n0ISmh6ItM9LGpeqx/g1/PodAHBQybY5zs/gNMIix
-mVJAIjMQexKsYueZ/WhPn4HFpDIPcbQ64Abmnk7N85TTK2es/l7U+X4sVPB9Ze0Y
-MvZNS4gn3x2d3xhlytaIaSBID/PabJxMVM+MAUNNIbQDqxRuvcttXtpeCq9Oiwqr
-XsYhel4zq465Sg==
-=ql/T
------END PGP SIGNATURE-----
diff --git a/roundcubemail-1.4.7-complete.tar.gz b/roundcubemail-1.4.7-complete.tar.gz
new file mode 100644
index 0000000..9b5a69d
--- /dev/null
+++ b/roundcubemail-1.4.7-complete.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:26d85d27ff7ef491de09168a27df74a5574b7dd4127e6c2822c90a108c6aacc9
+size 7031947
diff --git a/roundcubemail-1.4.7-complete.tar.gz.asc b/roundcubemail-1.4.7-complete.tar.gz.asc
new file mode 100644
index 0000000..3bc0f06
--- /dev/null
+++ b/roundcubemail-1.4.7-complete.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl8CNNITHGRldnNAcm91
+bmRjdWJlLm5ldAAKCRDClGqWCc1WtOxrEAC8CRrTFi4UfZ0meKMSz/8cghNLGokS
+9xMVR7xZ+XO3S6GsFZjS+g+qKXmOzIUXMfS7h9qQRBQHzjWynDSwr79kCzJ4QPF8
+yzdEpEWG2ycZmV6/312CvoPllbAZDQaNxIaW+jBtEmom5qzw9+V8bPgcpqJbBMBY
+pr8jRaeEZ++cCS9jeUoIgCaGDbUZHGoGbnr4IE8JlfQD7vfbBdmnt8gr80BD22i2
+XbL8Yw6jaaAA5aEl8bEjhbAYpm1xf/LQxAD1MXuIGK/HGdnOvsIN2LAdXDNUsORX
+hEDW2R2JE82qfJJH26WbSLIxfUEmPCE+QI4kPdaCgYVbk/ZxnWhvfeF0Z0PIDmzC
+JctmqlkQFrM+0/29cclhdbW2XdH/xr2R/iiqPGId5kaI1hyZkRwWbH94Mvk/VtBd
+8mslKIiU1LMXOjKe6H7GOe4ier0wWePPO9U1KhRdlicdXBuxxqJxG6m2R/jjTvOD
+/wIbABfEifOqhXq0BwPMTIYOvmCa9bPy6LsmNE5Pr6qpViTdA5eookkGcHuEWnPt
+dT+r+iqJHA2zPWQ+tgy0XNNk/qSzKXRJI2x8lN/h1Csz1i/b2Ue2Zq/MtOOWzjJg
+KlUOBo4qawwSTWn4uvoZgTpUYwp4SvHSxyt9O5OJsoVFEm4h1mFbUxLLYNcamK2A
+TX/E12D3rviCjA==
+=giko
+-----END PGP SIGNATURE-----
diff --git a/roundcubemail-1.4.6-config_dir.patch b/roundcubemail-1.4.7-config_dir.patch
similarity index 70%
rename from roundcubemail-1.4.6-config_dir.patch
rename to roundcubemail-1.4.7-config_dir.patch
index eb82e7e..1460eca 100644
--- a/roundcubemail-1.4.6-config_dir.patch
+++ b/roundcubemail-1.4.7-config_dir.patch
@@ -1,7 +1,7 @@
-Index: roundcubemail-1.4.4/program/include/iniset.php
+Index: roundcubemail-1.4.7/program/include/iniset.php
===================================================================
---- roundcubemail-1.4.4.orig/program/include/iniset.php
-+++ roundcubemail-1.4.4/program/include/iniset.php
+--- roundcubemail-1.4.7.orig/program/include/iniset.php
++++ roundcubemail-1.4.7/program/include/iniset.php
@@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) {
}
diff --git a/roundcubemail-httpd.conf b/roundcubemail-httpd.conf
index d7a2376..34699d6 100644
--- a/roundcubemail-httpd.conf
+++ b/roundcubemail-httpd.conf
@@ -9,6 +9,7 @@
+ Alias /roundcube "__ROUNDCUBEPATH__/public_html"
Alias /roundcubemail "__ROUNDCUBEPATH__/public_html"
@@ -37,53 +38,11 @@ AddType text/x-component .htc
- php_flag display_errors Off
- php_flag log_errors On
- #php_value error_log logs/errors
-
- php_value upload_max_filesize 5M
- php_value post_max_size 6M
- php_value memory_limit 64M
-
- php_flag register_globals Off
- php_flag zlib.output_compression Off
- php_flag magic_quotes_gpc Off
- php_flag magic_quotes_runtime Off
- php_flag suhosin.session.encrypt Off
-
- #php_value session.cookie_path /
- #php_value session.hash_function sha256
- php_flag session.auto_start Off
- php_value session.gc_maxlifetime 21600
- php_value session.gc_divisor 500
- php_value session.gc_probability 1
- # http://bugs.php.net/bug.php?id=30766
- php_value mbstring.func_overload 0
+ Include @apache_sysconfdir@/conf.d/@name@.inc
- php_flag display_errors Off
- php_flag log_errors On
- #php_value error_log logs/errors
-
- php_value upload_max_filesize 5M
- php_value post_max_size 6M
- php_value memory_limit 64M
-
- php_flag register_globals Off
- php_flag zlib.output_compression Off
- php_flag magic_quotes_gpc Off
- php_flag magic_quotes_runtime Off
- php_flag suhosin.session.encrypt Off
-
- #php_value session.cookie_path /
- #php_value session.hash_function sha256
- php_flag session.auto_start Off
- php_value session.gc_maxlifetime 21600
- php_value session.gc_divisor 500
- php_value session.gc_probability 1
- # http://bugs.php.net/bug.php?id=30766
- php_value mbstring.func_overload 0
+ Include @apache_sysconfdir@/conf.d/@name@.inc
diff --git a/roundcubemail-httpd.inc b/roundcubemail-httpd.inc
new file mode 100644
index 0000000..7e9b5ed
--- /dev/null
+++ b/roundcubemail-httpd.inc
@@ -0,0 +1,22 @@
+php_admin_flag display_errors off
+php_admin_flag log_errors on
+#php_admin_value error_log logs/errors
+
+php_admin_flag magic_quotes_gpc off
+php_admin_flag magic_quotes_runtime off
+php_admin_flag register_globals off
+php_admin_flag suhosin.session.encrypt off
+php_admin_flag zlib.output_compression off
+
+php_admin_value upload_max_filesize 5M
+php_admin_value post_max_size 6M
+php_admin_value memory_limit 64M
+
+php_admin_flag session.auto_start off
+#php_admin_value session.cookie_path /
+#php_admin_value session.hash_function sha256
+php_admin_value session.gc_maxlifetime 21600
+php_admin_value session.gc_divisor 500
+php_admin_value session.gc_probability 1
+# http://bugs.php.net/bug.php?id=30766
+php_admin_value mbstring.func_overload 0
diff --git a/roundcubemail.changes b/roundcubemail.changes
index 7951b21..2e3719c 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon Jul 6 12:00:02 UTC 2020 - Michael Ströder
+
+- update to 1.4.7 with security fix:
+ * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
+ * Fix bug where subfolders of special folders could have been duplicated on folder list
+ * Increase maximum size of contact jobtitle and department fields to 128 characters
+ * Fix missing newline after the logged line when writing to stdout (#7418)
+ * Elastic: Fix context menu (paste) on the recipient input (#7431)
+ * Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
+ * Fix problem with handling attached images with same name when using
+ database_attachments/redundant_attachments (#7455)
+- renamed roundcubemail-1.4.6-config_dir.patch to
+ roundcubemail-1.4.7-config_dir.patch
+
+-------------------------------------------------------------------
+Fri Jul 3 18:43:00 UTC 2020 - chris@computersalat.de
+
+- add http.inc file
+ * include one file for php5/php7 admin flags/values
+
-------------------------------------------------------------------
Sun Jun 7 14:27:25 UTC 2020 - Michael Ströder
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 654cc0a..150e428 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
@@ -22,19 +22,20 @@
%define roundcubeconfigpath %{_sysconfdir}/%{name}
%define php_major_version %(php -r "echo PHP_MAJOR_VERSION;")
Name: roundcubemail
-Version: 1.4.6
+Version: 1.4.7
Release: 0
Summary: A browser-based multilingual IMAP client
License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause
Group: Productivity/Networking/Email/Clients
URL: https://www.roundcube.net/
-Source0: https://github.com/roundcube/roundcubemail/releases/download/%{version}/%{name}-%{version}-complete.tar.gz
+Source0: https://github.com/roundcube/%{name}/releases/download/%{version}/%{name}-%{version}-complete.tar.gz
Source1: %{name}-rpmlintrc
Source2: %{name}-httpd.conf
+Source3: %{name}-httpd.inc
Source4: README.openSUSE
Source5: %{name}.logrotate
Source6: https://roundcube.net/download/pubkey.asc#/%{name}.keyring
-Source7: https://github.com/roundcube/roundcubemail/releases/download/%{version}/%{name}-%{version}-complete.tar.gz.asc
+Source7: https://github.com/roundcube/%{name}/releases/download/%{version}/%{name}-%{version}-complete.tar.gz.asc
Source8: robots.txt
# PATCH-FIX-OPENSUSE roundcubemail-1.1-beta-config_dir.patch -- use the general config directory /etc
Patch0: %{name}-%{version}-config_dir.patch
@@ -169,8 +170,12 @@ for file in _styles.less _variables.less ; do
done
# install httpd.conf file and adapt the configuration
-install -d -m 0755 %{buildroot}/%{apache_sysconfdir}/conf.d
-sed -e "s#__ROUNDCUBEPATH__#%{roundcubepath}#g" %{SOURCE2} > %{buildroot}%{apache_sysconfdir}/conf.d/roundcubemail.conf
+install -D -m0644 %{SOURCE3} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.inc
+# fix paths in http config
+sed -e "s#__ROUNDCUBEPATH__#%{roundcubepath}#g" \
+ -e "s,@apache_sysconfdir@,%{apache_sysconfdir},g" \
+ -e "s,@name@,%{name},g" \
+%{SOURCE2} > %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf
# install docs
install -d -m 0755 %{buildroot}/%{_defaultdocdir}/%{name}
@@ -323,7 +328,8 @@ exit 0
%config %{roundcubeconfigpath}/config.inc.php.sample
%config %{roundcubeconfigpath}/defaults.inc.php
%config %{roundcubeconfigpath}/mimetypes.php
-%config(noreplace) %{apache_sysconfdir}/conf.d/roundcubemail.conf
+%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf
+%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.inc
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{roundcubeconfigpath}/skins/elastic/styles/_styles.less
%config(noreplace) %{roundcubeconfigpath}/skins/elastic/styles/_variables.less