From b43bf55f269bf688ff77e13fe8b7ad678f08a0d50ef0b70c6292e91850bd1df5 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Mon, 28 Dec 2020 10:21:02 +0000 Subject: [PATCH 1/2] - update to 1.4.10: * Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content [CVE-2020-35730] * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) * Fix folder list issue when special folder is a subfolder (#7647) * Fix Elastic's folder subscription toggle in search result (#7653) * Fix state of subscription toggle on folders list after changing folder state from the search result (#7653) * Security: Fix cross-site scripting (XSS) via HTML or plain text messages with malicious content OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=150 --- roundcubemail-1.4.10-complete.tar.gz | 3 +++ roundcubemail-1.4.10-complete.tar.gz.asc | 17 +++++++++++++++++ roundcubemail-1.4.9-complete.tar.gz | 3 --- roundcubemail-1.4.9-complete.tar.gz.asc | 17 ----------------- roundcubemail.changes | 14 ++++++++++++++ roundcubemail.spec | 2 +- 6 files changed, 35 insertions(+), 21 deletions(-) create mode 100644 roundcubemail-1.4.10-complete.tar.gz create mode 100644 roundcubemail-1.4.10-complete.tar.gz.asc delete mode 100644 roundcubemail-1.4.9-complete.tar.gz delete mode 100644 roundcubemail-1.4.9-complete.tar.gz.asc
diff --git a/roundcubemail-1.4.10-complete.tar.gz b/roundcubemail-1.4.10-complete.tar.gz
new file mode 100644
index 0000000..650853b
--- /dev/null
+++ b/roundcubemail-1.4.10-complete.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a3d8c0dc4db70188f4aea3b62c1bd8b0b31b0c0f77f77138c0715e9d6ddd520f
+size 7043181
diff --git a/roundcubemail-1.4.10-complete.tar.gz.asc b/roundcubemail-1.4.10-complete.tar.gz.asc
new file mode 100644
index 0000000..4a83334
--- /dev/null
+++ b/roundcubemail-1.4.10-complete.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl/pA3MTHGRldnNAcm91
+bmRjdWJlLm5ldAAKCRDClGqWCc1WtCdFD/9xYhvIgnbToR1tZiZ2a/caYBZqWmhN
+Yh4FJRFcnv1BG4tRa+LPXINgA6jYPhH1AzpfniFRWzGKsTH0mWCgZq09ofwpVKtY
+Uo4Fw1csUe5PPTq8ldfbDw5PeRXyDnSWquSZlSofWJDHzwZKT7Jsqh94LWD08tl/
+RLZQAb4cM+98du5gQckgeIllFf8NTnZ401vMYnTss+VrcVAOFu+1TRr0yWtZqiAK
+BXhRnISq+bxUnISI7gDfWQDWRJvXa7Tb7oyZm4vCpfiPFCQK24QtTOCz2nKzwDOV
+n0aEhaubSDuKjI5awNI5DxnImLYQwSHhtML7lIv99aJcU5lDq2r/eDCz+tOgJaZH
+n/+d3h/yeosgOUmRgoUzr43Pgqnu6OQytViEdu5Ci8i3mbJijJaJHfBqNOEof6co
+W1ZFG64EcqjCXVvNqIMreU7+LU8YeMwK721H8nIlCtFmkm/X+HzrAa3FiSUwtgM9
+6iDeXSTiIIDLB9GnkCNlJq0pMG+jp2bXoxwoaNF5ngUuubFLoCy+ABbclM/w8W1u
++GF8PDUkdMReItWhD7aH2baFvzVP4c6ZWX6flucJeAbaGhEKf23MCCA2hOeJQSku
+H4dtDocj6UTCSYKAITrYnEyToS/n2VrCbtfF5I1XyMo+BqvXC39hYhhwHTYiexzl
+ClFINuUO3RUqKw==
+=eeV7
+-----END PGP SIGNATURE-----
diff --git a/roundcubemail-1.4.9-complete.tar.gz b/roundcubemail-1.4.9-complete.tar.gz
deleted file mode 100644
index 72ec821..0000000
--- a/roundcubemail-1.4.9-complete.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9fac7463a1365ac30c097dc03c3e22d17a73920fa728069c122e60b9d4c8ecb2
-size 7043437
diff --git a/roundcubemail-1.4.9-complete.tar.gz.asc b/roundcubemail-1.4.9-complete.tar.gz.asc
deleted file mode 100644
index 852767b..0000000
--- a/roundcubemail-1.4.9-complete.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl9w4m4THGRldnNAcm91 -bmRjdWJlLm5ldAAKCRDClGqWCc1WtEO2D/4suNPm0VH0y1xFaZnHBGyU4xTItTsI -oABd5TroCaDn/8N60ahJ0nbEtdrJJ5rZOSt5bO7jgWvTiIAW2/+IFSRzRMURTpAV -GN3k/lYizeb4+vteqgZV029lREROOkmNhLDgxHLH3Mb1vcszbwZbSIAbQ3QjLNIZ -/elQRGHj5kkMibtfVtd+9yVqa2xa0294qje1YERbrpU9DEV9UO3FXiSOvPEq0rSY -d0FsqI69COs/ijQmcGSScP2n+rFys8KRK6AFAHViUIRrGm5ljKpfLes2neo5d0mn -HOdC9Wq54ofyF8lu6+6nnUv980XqBkB0maK67LgEzQSta++1LRPzVAqM8x37ufw4 -Muyfl8aDHbQjO2HyxdRHcUp00X+pIizHh4Hz0uLtJe6bhfGZnSgm4BQB/u9lIvgz -17wT4qly5XfTmg4aIpbkDYUMjmBBuqmrTAkefKc3CpX8XCPMq3clYtqt3tEeFfIY -oQ8fzZX6zFFXjKfx4NSvdk35HfMpjEa3TiU8TlG7UhAIiP/7/mKyLUZ1IVA4C9++ -Hff6k/qpvzHg2fFDH0QyRfuyzUKjAU4dCL6Q7bTopc2casRkypw8HGxnY0Lkqz3Y -JT9nnaTowCX13WtXB1Klb5K5bdLOE9xWox9t1wUHV129fO86OmXY22tF15By4ylK -BcbHZNQXy+EQ3Q== -=aM0n ------END PGP SIGNATURE----- diff --git a/roundcubemail.changes b/roundcubemail.changes index ab59f4f..dcffa47 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Dec 28 10:17:11 UTC 2020 - Lars Vogdt + +- update to 1.4.10: + * Stored cross-site scripting (XSS) via HTML or plain text messages + with malicious content [CVE-2020-35730] + * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) + * Fix folder list issue when special folder is a subfolder (#7647) + * Fix Elastic's folder subscription toggle in search result (#7653) + * Fix state of subscription toggle on folders list after changing + folder state from the search result (#7653) + * Security: Fix cross-site scripting (XSS) via HTML or plain text + messages with malicious content + ------------------------------------------------------------------- Tue Dec 1 14:37:42 UTC 2020 - pgajdos@suse.com diff --git a/roundcubemail.spec b/roundcubemail.spec index 673572a..622be80 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec 
@@ -20,7 +20,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;") Name: roundcubemail -Version: 1.4.9 +Version: 1.4.10 Release: 0 Summary: A browser-based multilingual IMAP client License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause From cfa15e9068de5c44791498646b4d2218f33528f4bb05a71d41585c15d7e4fa29 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Mon, 28 Dec 2020 10:35:28 +0000 Subject: [PATCH 2/2] with malicious content ( CVE-2020-35730 boo#1180399 ) OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=151 --- roundcubemail.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roundcubemail.changes b/roundcubemail.changes index dcffa47..0382aa4 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -3,7 +3,7 @@ Mon Dec 28 10:17:11 UTC 2020 - Lars Vogdt - update to 1.4.10: * Stored cross-site scripting (XSS) via HTML or plain text messages - with malicious content [CVE-2020-35730] + with malicious content ( CVE-2020-35730 boo#1180399 ) * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) * Fix folder list issue when special folder is a subfolder (#7647) * Fix Elastic's folder subscription toggle in search result (#7653)