From a7a754dee8a52d2b9f0b63f0c7b0a581fd6c4cf5042d67c52af0a2c827e38745 Mon Sep 17 00:00:00 2001 From: Dirk Stoecker Date: Wed, 3 Jun 2020 15:22:56 +0000 Subject: [PATCH] Accepting request 811037 from home:lrupp:branches:server:php:applications - update to 1.4.5 Security fixes * Fix XSS issue in template object 'username' (#7406) * Fix cross-site scripting (XSS) via malicious XML attachment * Fix a couple of XSS issues in Installer (#7406) * Better fix for CVE-2020-12641 Other changes * Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) * Fix so the database setup description is compatible with MySQL 8 (#7340) * Markasjunk: Fix regression in jsevent driver (#7361) * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) * Password: Fix issue with Modoboa driver (#7372) * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) * Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) * Fix error when user-configured skin does not exist anymore (#7271) * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) * Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) * Security: Fix a couple of XSS issues in Installer (#7406) * Security: Fix XSS issue in template object 'username' (#7406) * Security: Fix cross-site scripting (XSS) via malicious XML attachment * Security: Better fix for CVE-2020-12641 - renamed roundcubemail-1.4.4-config_dir.patch to roundcubemail-1.4.5-config_dir.patch OBS-URL: https://build.opensuse.org/request/show/811037 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=139 --- roundcubemail-1.4.4-complete.tar.gz | 3 -- roundcubemail-1.4.4-complete.tar.gz.asc | 17 ---------- roundcubemail-1.4.5-complete.tar.gz | 3 ++ roundcubemail-1.4.5-complete.tar.gz.asc | 17 ++++++++++ ...ch => roundcubemail-1.4.5-config_dir.patch | 0 roundcubemail.changes | 32 +++++++++++++++++++ roundcubemail.spec | 2 +- 7 files changed, 53 insertions(+), 21 deletions(-) delete mode 100644 roundcubemail-1.4.4-complete.tar.gz delete mode 100644 roundcubemail-1.4.4-complete.tar.gz.asc create mode 100644 roundcubemail-1.4.5-complete.tar.gz create mode 100644 roundcubemail-1.4.5-complete.tar.gz.asc rename roundcubemail-1.4.4-config_dir.patch => roundcubemail-1.4.5-config_dir.patch (100%) diff --git a/roundcubemail-1.4.4-complete.tar.gz b/roundcubemail-1.4.4-complete.tar.gz deleted file mode 100644 index 958a51f..0000000 --- a/roundcubemail-1.4.4-complete.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2b8923836a0f83f9806fffc6dfa245705968a0005deab66c1056570eae11c7d7 -size 7029864 diff --git a/roundcubemail-1.4.4-complete.tar.gz.asc b/roundcubemail-1.4.4-complete.tar.gz.asc deleted file mode 100644 index e61af5b..0000000 --- a/roundcubemail-1.4.4-complete.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl6p12ATHGRldnNAcm91 -bmRjdWJlLm5ldAAKCRDClGqWCc1WtKLmD/9GEeyN5yXsGyY2rjQAWIhMBm4Zwovy -DvCbKmSB6orfIHaLP5LcZP4x3pH8HiVYxviRvtBryFqTwwdAkQdQtkNPDHYgOc7c -xMf+a3A37jXKqEzAllEk0JtZivko9NVI4rkfU7sdTdlkzA4YKOLV5QZv/q8HVbZ+ -qTKF2/Agk01mlHPFXdOAIGPf+sBV3erFo//PswqsZCm42jJ4G/Rj7dYg9LeX9pqw -rFb/5uGtNgEZvPt+T0gko5ngXRMMsuMcUdZuJYi2WdbyXJRQFM20EFnyLrE3hR20 -OqPIy5qCndO0LcAWGmqG1gk5FpQGjH+ehlC+CiiFq5aLUPM84g+zQvxgFaSFR/n/ -mkzXMLCC+1BO8cYbIKdN+WPaimXgDYyYW0ckEbERaS7cqWK4J2PKiLyjxfxA5FAC -oz/NTX61OqyZECD9UMKMmgJfrEAgJsZywzuc0wdunjEHpmXdb/5HFr/tf5IWK28V -GCGV4NrulnYndt9RVkiMMrxo/Fhyc96ENZDoJ+znEzj/cUxssBoW8b1T33Tig+Tg -yY6FuycTR4xe+KYaeVysqlbYLgPFE7Jjc9EcnPPrCvFrCES5327vQ5KhEpazkX1i -nYerS0Wxcfo2/g/izMjNZf2HaWNthi9hkkRLPsXLsdz1eca1tRSOm+NnFTS4Kcsf -h1dYJKq4uy5eZA== -=fZLJ ------END PGP SIGNATURE----- diff --git a/roundcubemail-1.4.5-complete.tar.gz b/roundcubemail-1.4.5-complete.tar.gz new file mode 100644 index 0000000..433ddbc --- /dev/null +++ b/roundcubemail-1.4.5-complete.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e1c88be232f7165f538e7d91ba655bb416af6c4d34ec2c28dbb85734df752e2 +size 7031560 diff --git a/roundcubemail-1.4.5-complete.tar.gz.asc b/roundcubemail-1.4.5-complete.tar.gz.asc new file mode 100644 index 0000000..ccc645d --- /dev/null +++ b/roundcubemail-1.4.5-complete.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl7WtPoTHGRldnNAcm91 +bmRjdWJlLm5ldAAKCRDClGqWCc1WtIeCD/4kS3sOGmJfi/XUsK0ck6mE8GE9hzge +PhipXsabKq+ft/vaM/ntins7i9kNGYujJVbMuNA97niFbS+qj7NdomVk111g3zrh +6pU+tEPnrUCBy7TmPjrXqSxzHFnj8eMjHhXQ2lMfz+9otzPutiW4gxpGgDY4TGT2 +lXKgNAVP2sZgiorTJ+xsDiD2OV8+t4UoE215TpWcf1Z3MwKnXvkaIjLp/ERUS29R +Jly70PSLULh5iOokzYQ6hLSVtU/jVz6GANUn1+yneTsezcmMmk4Aqw/DjKZYP2+B +5VbRRpgGToMphNHaXe+tKsMiJ9elNgDYLn4OdPOHBYnI0936yY6xn2ZFUPRrEjXC +9/yPNvqxLBjn3XVrFDg3Bbkn615XSbacqaL2uBAcL9JQIpsYg1Tvp7Z4+sCfjh66 +6FiMgtgqrAFmJPTX7cWlVg2gwNlMSmsQtJ/wuJF3XlwYvcMxGp6I64TNHWo+Exqy +iIsYqRoRGL4DzV0kdFFNDCsG+NwwzuiXvoBiwJNekqVDSveTxAT3vhVIvCwXFg/c +M9VEAXUhtUWrxCjPwoxCIgKZ+sqjVn20gNF3YAT4rF2g1+qNdvjvC75LUMhdb0FC +A3T24gEUPwASZpj7ykEnPdaGtkx5lQ5DMDuzmPVzihOkl5dn+/DtpPD/FYlXQW1r +CGhlk2JRIWdGOQ== +=bDPe +-----END PGP SIGNATURE----- diff --git a/roundcubemail-1.4.4-config_dir.patch b/roundcubemail-1.4.5-config_dir.patch similarity index 100% rename from roundcubemail-1.4.4-config_dir.patch rename to roundcubemail-1.4.5-config_dir.patch diff --git a/roundcubemail.changes b/roundcubemail.changes index a81e598..d05be48 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Wed Jun 3 08:20:49 UTC 2020 - Lars Vogdt + +- update to 1.4.5 + Security fixes + * Fix XSS issue in template object 'username' (#7406) + * Fix cross-site scripting (XSS) via malicious XML attachment + * Fix a couple of XSS issues in Installer (#7406) + * Better fix for CVE-2020-12641 + Other changes + * Fix bug in extracting required plugins from composer.json that led + to spurious error in log (#7364) + * Fix so the database setup description is compatible with MySQL 8 (#7340) + * Markasjunk: Fix regression in jsevent driver (#7361) + * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) + * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) + * Password: Fix issue with Modoboa driver (#7372) + * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) + * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) + * Fix PHP warning: count(): Parameter must be an array or an object... + in ID command handler (#7392) + * Fix error when user-configured skin does not exist anymore (#7271) + * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) + * Fix bug where PDF attachments marked as inline could have not been + attached on mail forward (#7382) + * Security: Fix a couple of XSS issues in Installer (#7406) + * Security: Fix XSS issue in template object 'username' (#7406) + * Security: Fix cross-site scripting (XSS) via malicious XML attachment + * Security: Better fix for CVE-2020-12641 +- renamed roundcubemail-1.4.4-config_dir.patch to + roundcubemail-1.4.5-config_dir.patch + ------------------------------------------------------------------- Wed Apr 29 22:16:50 UTC 2020 - Michael Ströder diff --git a/roundcubemail.spec b/roundcubemail.spec index 02e5553..1f9a5a5 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec @@ -22,7 +22,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;") Name: roundcubemail -Version: 1.4.4 +Version: 1.4.5 Release: 0 Summary: A browser-based multilingual IMAP client License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause