From caa5409bff569d734d48a7bfa9383781db7f1366cd5ed000947504d01d65b6e5 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Thu, 13 Aug 2020 00:41:28 +0000 Subject: [PATCH 1/3] Accepting request 825662 from home:stroeder:branches:server:php:applications - update to 1.4.8 with security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content OBS-URL: https://build.opensuse.org/request/show/825662 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=145 --- roundcubemail-1.4.7-complete.tar.gz | 3 --- roundcubemail-1.4.7-complete.tar.gz.asc | 17 ----------------- roundcubemail-1.4.8-complete.tar.gz | 3 +++ roundcubemail-1.4.8-complete.tar.gz.asc | 17 +++++++++++++++++ ...atch => roundcubemail-1.4.8-config_dir.patch | 6 +++--- roundcubemail.changes | 7 +++++++ roundcubemail.spec | 2 +- 7 files changed, 31 insertions(+), 24 deletions(-) delete mode 100644 roundcubemail-1.4.7-complete.tar.gz delete mode 100644 roundcubemail-1.4.7-complete.tar.gz.asc create mode 100644 roundcubemail-1.4.8-complete.tar.gz create mode 100644 roundcubemail-1.4.8-complete.tar.gz.asc rename roundcubemail-1.4.7-config_dir.patch => roundcubemail-1.4.8-config_dir.patch (70%)
diff --git a/roundcubemail-1.4.7-complete.tar.gz b/roundcubemail-1.4.7-complete.tar.gz
deleted file mode 100644
index 9b5a69d..0000000
--- a/roundcubemail-1.4.7-complete.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:26d85d27ff7ef491de09168a27df74a5574b7dd4127e6c2822c90a108c6aacc9
-size 7031947
diff --git a/roundcubemail-1.4.7-complete.tar.gz.asc b/roundcubemail-1.4.7-complete.tar.gz.asc
deleted file mode 100644
index 3bc0f06..0000000
--- a/roundcubemail-1.4.7-complete.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl8CNNITHGRldnNAcm91
-bmRjdWJlLm5ldAAKCRDClGqWCc1WtOxrEAC8CRrTFi4UfZ0meKMSz/8cghNLGokS
-9xMVR7xZ+XO3S6GsFZjS+g+qKXmOzIUXMfS7h9qQRBQHzjWynDSwr79kCzJ4QPF8
-yzdEpEWG2ycZmV6/312CvoPllbAZDQaNxIaW+jBtEmom5qzw9+V8bPgcpqJbBMBY
-pr8jRaeEZ++cCS9jeUoIgCaGDbUZHGoGbnr4IE8JlfQD7vfbBdmnt8gr80BD22i2
-XbL8Yw6jaaAA5aEl8bEjhbAYpm1xf/LQxAD1MXuIGK/HGdnOvsIN2LAdXDNUsORX
-hEDW2R2JE82qfJJH26WbSLIxfUEmPCE+QI4kPdaCgYVbk/ZxnWhvfeF0Z0PIDmzC
-JctmqlkQFrM+0/29cclhdbW2XdH/xr2R/iiqPGId5kaI1hyZkRwWbH94Mvk/VtBd
-8mslKIiU1LMXOjKe6H7GOe4ier0wWePPO9U1KhRdlicdXBuxxqJxG6m2R/jjTvOD
-/wIbABfEifOqhXq0BwPMTIYOvmCa9bPy6LsmNE5Pr6qpViTdA5eookkGcHuEWnPt
-dT+r+iqJHA2zPWQ+tgy0XNNk/qSzKXRJI2x8lN/h1Csz1i/b2Ue2Zq/MtOOWzjJg
-KlUOBo4qawwSTWn4uvoZgTpUYwp4SvHSxyt9O5OJsoVFEm4h1mFbUxLLYNcamK2A
-TX/E12D3rviCjA==
-=giko
------END PGP SIGNATURE-----
diff --git a/roundcubemail-1.4.8-complete.tar.gz b/roundcubemail-1.4.8-complete.tar.gz
new file mode 100644
index 0000000..345f8f3
--- /dev/null
+++ b/roundcubemail-1.4.8-complete.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d91490c55b357391efd3e10863bcdf897595df33a8c73faa2ea9df3391d06a4a
+size 7032822
diff --git a/roundcubemail-1.4.8-complete.tar.gz.asc b/roundcubemail-1.4.8-complete.tar.gz.asc
new file mode 100644
index 0000000..b8b2846
--- /dev/null
+++ b/roundcubemail-1.4.8-complete.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl8xm8ETHGRldnNAcm91
+bmRjdWJlLm5ldAAKCRDClGqWCc1WtMxgD/41V6BpSrdz3Z4ZjGWxCHm3D/IJFK/9
+w/wXdM2ONxZu27RrtDVn0WPx4hJQ27xcPJi8Gq8ZAd7PK5TSFq0RYBpHq41u/kad
+dVrN7AJq+KGRkkUVBfrrqPVQY0tkeHnG5YFv6IxD4qILs/JurZ3Zed0glcMq11b5
+eRAL00q/0vMeXMjbCEZDlCtzmHsqEY03f9dDBfRImhiMGU3W7QWv7fB4hCqPOGVg
+mIWfbTO4JhgvdHIP30fJe79Fii0V4K7vUaZO7c0vPZ3Y8QzUgenoqdHrDqe6pCGg
+M06P4incxa8YwjIkA1yuzraITVmG517JQoyv/xjG6GRqGDvw+Xo4Q514LP/piOrD
+ZaQcXy60ytb8ywGFoIN4cGRpI0uN3WLVKc05J81NqU6O/DcwQK6nJkUE2D+QqQpr
+dSTc06cawKKPOKnIGLicJX/JHsrMDFwqmN6d07YA5rpRasZUwpzhrN2DGCxl2ir4
+tGviz0q/ZEche1uIzRZtFFsfm1MAaCsQ2xeHWqU+LSkCgXtSKMHblUy6KORBnP6Q
+9X1IiRsYzaXrpDU5g4DWQRwYSJYNxjpmdMDI3uxa7uLrQ/v8uCyvy4yWhjOCX1wA
+zdbLJC2oWe0bhC5gdHEmgwAbTO9E+Az5i57BNCfyU3/Qy45VYEnTrrV8NwNuVVf/
+vY9DlDyD5VKo+Q==
+=zXiu
+-----END PGP SIGNATURE-----
diff --git a/roundcubemail-1.4.7-config_dir.patch b/roundcubemail-1.4.8-config_dir.patch
similarity index 70%
rename from roundcubemail-1.4.7-config_dir.patch
rename to roundcubemail-1.4.8-config_dir.patch
index 1460eca..8a3b702 100644
--- a/roundcubemail-1.4.7-config_dir.patch
+++ b/roundcubemail-1.4.8-config_dir.patch
@@ -1,7 +1,7 @@
-Index: roundcubemail-1.4.7/program/include/iniset.php
+Index: roundcubemail-1.4.8/program/include/iniset.php
 ===================================================================
---- roundcubemail-1.4.7.orig/program/include/iniset.php
-+++ roundcubemail-1.4.7/program/include/iniset.php
+--- roundcubemail-1.4.8.orig/program/include/iniset.php
++++ roundcubemail-1.4.8/program/include/iniset.php
 @@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) {
 }
diff --git a/roundcubemail.changes b/roundcubemail.changes
index 2e3719c..e745139 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Aug 11 03:52:20 UTC 2020 - Michael Ströder
+
+- update to 1.4.8 with security fixes:
+ * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145)
+ * Fix cross-site scripting (XSS) via HTML messages with malicious math content
+
 -------------------------------------------------------------------
 Mon Jul 6 12:00:02 UTC 2020 - Michael Ströder
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 150e428..2246710 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
@@ -22,7 +22,7 @@
 %define roundcubeconfigpath %{_sysconfdir}/%{name}
 %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;")
 Name: roundcubemail
-Version: 1.4.7
+Version: 1.4.8
 Release: 0
 Summary: A browser-based multilingual IMAP client
 License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause
From a329948fc3b3f336fabcc5027b38ce7641832e8ddcfe63c793ceba1925af7e0f Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Thu, 13 Aug 2020 15:38:45 +0000 Subject: [PATCH 2/3] - finally renamed roundcubemail-1.4.8-config_dir.patch to roundcubemail-config_dir.patch to avoid additional roundtrip times with each submission OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=146 --- ....4.8-config_dir.patch => roundcubemail-config_dir.patch | 0 roundcubemail.changes | 7 +++++++ roundcubemail.spec | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) rename roundcubemail-1.4.8-config_dir.patch => roundcubemail-config_dir.patch (100%)
diff --git a/roundcubemail-1.4.8-config_dir.patch b/roundcubemail-config_dir.patch
similarity index 100%
rename from roundcubemail-1.4.8-config_dir.patch
rename to roundcubemail-config_dir.patch
diff --git a/roundcubemail.changes b/roundcubemail.changes
index e745139..9f32ebd 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Aug 13 15:37:19 UTC 2020 - Lars Vogdt
+
+- finally renamed roundcubemail-1.4.8-config_dir.patch to
+ roundcubemail-config_dir.patch to avoid additional roundtrip
+ times with each submission
+
 -------------------------------------------------------------------
 Tue Aug 11 03:52:20 UTC 2020 - Michael Ströder
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 2246710..3035a4a 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
@@ -37,8 +37,8 @@ Source5: %{name}.logrotate
 Source6: https://roundcube.net/download/pubkey.asc#/%{name}.keyring
 Source7: https://github.com/roundcube/%{name}/releases/download/%{version}/%{name}-%{version}-complete.tar.gz.asc
 Source8: robots.txt
-# PATCH-FIX-OPENSUSE roundcubemail-1.1-beta-config_dir.patch -- use the general config directory /etc
-Patch0: %{name}-%{version}-config_dir.patch
+# PATCH-FIX-OPENSUSE roundcubemail-config_dir.patch -- use the general config directory /etc
+Patch0: %{name}-config_dir.patch
 BuildRequires: apache2-devel
 BuildRequires: pcre-devel
 BuildRequires: php
From 9d6767974e262e4611b39cd14b57e61bc7b4863825998b91f659fc8ec5c3e6ff Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Sat, 15 Aug 2020 21:18:38 +0000 Subject: [PATCH 3/3] MAKE BOT HAPPY AND MENTION THE PATCH TWICE + removed roundcubemail-1.4.7-config_dir.patch + added roundcubemail-config_dir.patch OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=147 --- roundcubemail.changes | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roundcubemail.changes b/roundcubemail.changes
index 9f32ebd..d5bb004 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -3,7 +3,9 @@ Thu Aug 13 15:37:19 UTC 2020 - Lars Vogdt
 - finally renamed roundcubemail-1.4.8-config_dir.patch to
 roundcubemail-config_dir.patch to avoid additional roundtrip
- times with each submission
+ times with each submission:
+ + removed roundcubemail-1.4.7-config_dir.patch
+ + added roundcubemail-config_dir.patch
 -------------------------------------------------------------------
 Tue Aug 11 03:52:20 UTC 2020 - Michael Ströder