From caa5409bff569d734d48a7bfa9383781db7f1366cd5ed000947504d01d65b6e5 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Thu, 13 Aug 2020 00:41:28 +0000 Subject: [PATCH] Accepting request 825662 from home:stroeder:branches:server:php:applications - update to 1.4.8 with security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content OBS-URL: https://build.opensuse.org/request/show/825662 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=145 --- roundcubemail-1.4.7-complete.tar.gz | 3 --- roundcubemail-1.4.7-complete.tar.gz.asc | 17 ----------------- roundcubemail-1.4.8-complete.tar.gz | 3 +++ roundcubemail-1.4.8-complete.tar.gz.asc | 17 +++++++++++++++++ ...atch => roundcubemail-1.4.8-config_dir.patch | 6 +++--- roundcubemail.changes | 7 +++++++ roundcubemail.spec | 2 +- 7 files changed, 31 insertions(+), 24 deletions(-) delete mode 100644 roundcubemail-1.4.7-complete.tar.gz delete mode 100644 roundcubemail-1.4.7-complete.tar.gz.asc create mode 100644 roundcubemail-1.4.8-complete.tar.gz create mode 100644 roundcubemail-1.4.8-complete.tar.gz.asc rename roundcubemail-1.4.7-config_dir.patch => roundcubemail-1.4.8-config_dir.patch (70%) diff --git a/roundcubemail-1.4.7-complete.tar.gz b/roundcubemail-1.4.7-complete.tar.gz deleted file mode 100644 index 9b5a69d..0000000 --- a/roundcubemail-1.4.7-complete.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:26d85d27ff7ef491de09168a27df74a5574b7dd4127e6c2822c90a108c6aacc9 -size 7031947 diff --git a/roundcubemail-1.4.7-complete.tar.gz.asc b/roundcubemail-1.4.7-complete.tar.gz.asc deleted file mode 100644 index 3bc0f06..0000000 --- a/roundcubemail-1.4.7-complete.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl8CNNITHGRldnNAcm91 -bmRjdWJlLm5ldAAKCRDClGqWCc1WtOxrEAC8CRrTFi4UfZ0meKMSz/8cghNLGokS -9xMVR7xZ+XO3S6GsFZjS+g+qKXmOzIUXMfS7h9qQRBQHzjWynDSwr79kCzJ4QPF8 -yzdEpEWG2ycZmV6/312CvoPllbAZDQaNxIaW+jBtEmom5qzw9+V8bPgcpqJbBMBY -pr8jRaeEZ++cCS9jeUoIgCaGDbUZHGoGbnr4IE8JlfQD7vfbBdmnt8gr80BD22i2 -XbL8Yw6jaaAA5aEl8bEjhbAYpm1xf/LQxAD1MXuIGK/HGdnOvsIN2LAdXDNUsORX -hEDW2R2JE82qfJJH26WbSLIxfUEmPCE+QI4kPdaCgYVbk/ZxnWhvfeF0Z0PIDmzC -JctmqlkQFrM+0/29cclhdbW2XdH/xr2R/iiqPGId5kaI1hyZkRwWbH94Mvk/VtBd -8mslKIiU1LMXOjKe6H7GOe4ier0wWePPO9U1KhRdlicdXBuxxqJxG6m2R/jjTvOD -/wIbABfEifOqhXq0BwPMTIYOvmCa9bPy6LsmNE5Pr6qpViTdA5eookkGcHuEWnPt -dT+r+iqJHA2zPWQ+tgy0XNNk/qSzKXRJI2x8lN/h1Csz1i/b2Ue2Zq/MtOOWzjJg -KlUOBo4qawwSTWn4uvoZgTpUYwp4SvHSxyt9O5OJsoVFEm4h1mFbUxLLYNcamK2A -TX/E12D3rviCjA== -=giko ------END PGP SIGNATURE----- diff --git a/roundcubemail-1.4.8-complete.tar.gz b/roundcubemail-1.4.8-complete.tar.gz new file mode 100644 index 0000000..345f8f3 --- /dev/null +++ b/roundcubemail-1.4.8-complete.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d91490c55b357391efd3e10863bcdf897595df33a8c73faa2ea9df3391d06a4a +size 7032822 diff --git a/roundcubemail-1.4.8-complete.tar.gz.asc b/roundcubemail-1.4.8-complete.tar.gz.asc new file mode 100644 index 0000000..b8b2846 --- /dev/null +++ b/roundcubemail-1.4.8-complete.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl8xm8ETHGRldnNAcm91 +bmRjdWJlLm5ldAAKCRDClGqWCc1WtMxgD/41V6BpSrdz3Z4ZjGWxCHm3D/IJFK/9 +w/wXdM2ONxZu27RrtDVn0WPx4hJQ27xcPJi8Gq8ZAd7PK5TSFq0RYBpHq41u/kad +dVrN7AJq+KGRkkUVBfrrqPVQY0tkeHnG5YFv6IxD4qILs/JurZ3Zed0glcMq11b5 +eRAL00q/0vMeXMjbCEZDlCtzmHsqEY03f9dDBfRImhiMGU3W7QWv7fB4hCqPOGVg +mIWfbTO4JhgvdHIP30fJe79Fii0V4K7vUaZO7c0vPZ3Y8QzUgenoqdHrDqe6pCGg +M06P4incxa8YwjIkA1yuzraITVmG517JQoyv/xjG6GRqGDvw+Xo4Q514LP/piOrD +ZaQcXy60ytb8ywGFoIN4cGRpI0uN3WLVKc05J81NqU6O/DcwQK6nJkUE2D+QqQpr +dSTc06cawKKPOKnIGLicJX/JHsrMDFwqmN6d07YA5rpRasZUwpzhrN2DGCxl2ir4 +tGviz0q/ZEche1uIzRZtFFsfm1MAaCsQ2xeHWqU+LSkCgXtSKMHblUy6KORBnP6Q +9X1IiRsYzaXrpDU5g4DWQRwYSJYNxjpmdMDI3uxa7uLrQ/v8uCyvy4yWhjOCX1wA +zdbLJC2oWe0bhC5gdHEmgwAbTO9E+Az5i57BNCfyU3/Qy45VYEnTrrV8NwNuVVf/ +vY9DlDyD5VKo+Q== +=zXiu +-----END PGP SIGNATURE----- diff --git a/roundcubemail-1.4.7-config_dir.patch b/roundcubemail-1.4.8-config_dir.patch similarity index 70% rename from roundcubemail-1.4.7-config_dir.patch rename to roundcubemail-1.4.8-config_dir.patch index 1460eca..8a3b702 100644 --- a/roundcubemail-1.4.7-config_dir.patch +++ b/roundcubemail-1.4.8-config_dir.patch @@ -1,7 +1,7 @@ -Index: roundcubemail-1.4.7/program/include/iniset.php +Index: roundcubemail-1.4.8/program/include/iniset.php =================================================================== ---- roundcubemail-1.4.7.orig/program/include/iniset.php -+++ roundcubemail-1.4.7/program/include/iniset.php +--- roundcubemail-1.4.8.orig/program/include/iniset.php ++++ roundcubemail-1.4.8/program/include/iniset.php @@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) { } diff --git a/roundcubemail.changes b/roundcubemail.changes index 2e3719c..e745139 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Aug 11 03:52:20 UTC 2020 - Michael Ströder + +- update to 1.4.8 with security fixes: + * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) + * Fix cross-site scripting (XSS) via HTML messages with malicious math content + ------------------------------------------------------------------- Mon Jul 6 12:00:02 UTC 2020 - Michael Ströder diff --git a/roundcubemail.spec b/roundcubemail.spec index 150e428..2246710 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec @@ -22,7 +22,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;") Name: roundcubemail -Version: 1.4.7 +Version: 1.4.8 Release: 0 Summary: A browser-based multilingual IMAP client License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause