From d685e2c3a3a8e0b37bed241cc7dcfe7f2f1668ef3243f72c744cd8574bfd9d82 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Mon, 6 Jul 2020 16:43:33 +0000 Subject: [PATCH] Accepting request 818992 from home:stroeder:branches:server:php:applications - update to 1.4.7 with security fix: * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace * Fix bug where subfolders of special folders could have been duplicated on folder list * Increase maximum size of contact jobtitle and department fields to 128 characters * Fix missing newline after the logged line when writing to stdout (#7418) * Elastic: Fix context menu (paste) on the recipient input (#7431) * Fix problem with forwarding inline images attached to messages with no HTML part (#7414) * Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) OBS-URL: https://build.opensuse.org/request/show/818992 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=143 --- roundcubemail-1.4.6-complete.tar.gz | 3 --- roundcubemail-1.4.6-complete.tar.gz.asc | 17 ----------------- roundcubemail-1.4.7-complete.tar.gz | 3 +++ roundcubemail-1.4.7-complete.tar.gz.asc | 17 +++++++++++++++++ ...atch => roundcubemail-1.4.7-config_dir.patch | 6 +++--- roundcubemail.changes | 13 +++++++++++++ roundcubemail.spec | 2 +- 7 files changed, 37 insertions(+), 24 deletions(-) delete mode 100644 roundcubemail-1.4.6-complete.tar.gz delete mode 100644 roundcubemail-1.4.6-complete.tar.gz.asc create mode 100644 roundcubemail-1.4.7-complete.tar.gz create mode 100644 roundcubemail-1.4.7-complete.tar.gz.asc rename roundcubemail-1.4.6-config_dir.patch => roundcubemail-1.4.7-config_dir.patch (70%) diff --git a/roundcubemail-1.4.6-complete.tar.gz b/roundcubemail-1.4.6-complete.tar.gz deleted file mode 100644 index 51a2c59..0000000 --- a/roundcubemail-1.4.6-complete.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:55db5fae9f518e529aeb190166445bda3ceab94bf0277cbb03291bd0e4febd1b -size 7031573 diff --git a/roundcubemail-1.4.6-complete.tar.gz.asc b/roundcubemail-1.4.6-complete.tar.gz.asc deleted file mode 100644 index 98c4a06..0000000 --- a/roundcubemail-1.4.6-complete.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl7czK4THGRldnNAcm91 -bmRjdWJlLm5ldAAKCRDClGqWCc1WtHWoD/9JkBY67BWBmYSUw75nlsI4yx39o4hb -Iw6OsrqWVtjgoxMr8JE3K0cwo9saHx7sNgXqD29ayFuqeIYTE8Gb2aexlesem5J8 -z+BDdnDaqrWqxwJkStFAe/trgF5itEuW+MpADIsV51sk6/pQ/vi9A6WvmuozFsqv -giyE7YR23rx7Tqf0fM9sJcriGepZkyu5NjEqZT8G2UVf4ewKzyKHGZNtSyz7e9s0 -Bn55+1Ak8Y3GPtnre376BVzLzzAbYzs1aa9Zr+VsxONZXEtwTS0ZEqco89HkWihN -mtLUimR0MeIoBIauVERUsOmHjVDmO6BWN/JiPu59xEho2ugIDvvI5/8SQF4Z386Q -h0g7AU51ya2Jz9k0u7QJ0zL9eAM1JW+cZYPepcRa21p/MKIBozfIuil9b4UoBjLs -VhUDR/KoZCbT9UqDKahgu/AqdBkxe4KcQYtn/LBvfKFLul6aKkTDToavG8MExZ8y -grOWwNOmBVbdh5jYLsIKQ36n0ISmh6ItM9LGpeqx/g1/PodAHBQybY5zs/gNMIix -mVJAIjMQexKsYueZ/WhPn4HFpDIPcbQ64Abmnk7N85TTK2es/l7U+X4sVPB9Ze0Y -MvZNS4gn3x2d3xhlytaIaSBID/PabJxMVM+MAUNNIbQDqxRuvcttXtpeCq9Oiwqr -XsYhel4zq465Sg== -=ql/T ------END PGP SIGNATURE----- diff --git a/roundcubemail-1.4.7-complete.tar.gz b/roundcubemail-1.4.7-complete.tar.gz new file mode 100644 index 0000000..9b5a69d --- /dev/null +++ b/roundcubemail-1.4.7-complete.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:26d85d27ff7ef491de09168a27df74a5574b7dd4127e6c2822c90a108c6aacc9 +size 7031947 diff --git a/roundcubemail-1.4.7-complete.tar.gz.asc b/roundcubemail-1.4.7-complete.tar.gz.asc new file mode 100644 index 0000000..3bc0f06 --- /dev/null +++ b/roundcubemail-1.4.7-complete.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAl8CNNITHGRldnNAcm91 +bmRjdWJlLm5ldAAKCRDClGqWCc1WtOxrEAC8CRrTFi4UfZ0meKMSz/8cghNLGokS +9xMVR7xZ+XO3S6GsFZjS+g+qKXmOzIUXMfS7h9qQRBQHzjWynDSwr79kCzJ4QPF8 +yzdEpEWG2ycZmV6/312CvoPllbAZDQaNxIaW+jBtEmom5qzw9+V8bPgcpqJbBMBY +pr8jRaeEZ++cCS9jeUoIgCaGDbUZHGoGbnr4IE8JlfQD7vfbBdmnt8gr80BD22i2 +XbL8Yw6jaaAA5aEl8bEjhbAYpm1xf/LQxAD1MXuIGK/HGdnOvsIN2LAdXDNUsORX +hEDW2R2JE82qfJJH26WbSLIxfUEmPCE+QI4kPdaCgYVbk/ZxnWhvfeF0Z0PIDmzC +JctmqlkQFrM+0/29cclhdbW2XdH/xr2R/iiqPGId5kaI1hyZkRwWbH94Mvk/VtBd +8mslKIiU1LMXOjKe6H7GOe4ier0wWePPO9U1KhRdlicdXBuxxqJxG6m2R/jjTvOD +/wIbABfEifOqhXq0BwPMTIYOvmCa9bPy6LsmNE5Pr6qpViTdA5eookkGcHuEWnPt +dT+r+iqJHA2zPWQ+tgy0XNNk/qSzKXRJI2x8lN/h1Csz1i/b2Ue2Zq/MtOOWzjJg +KlUOBo4qawwSTWn4uvoZgTpUYwp4SvHSxyt9O5OJsoVFEm4h1mFbUxLLYNcamK2A +TX/E12D3rviCjA== +=giko +-----END PGP SIGNATURE----- diff --git a/roundcubemail-1.4.6-config_dir.patch b/roundcubemail-1.4.7-config_dir.patch similarity index 70% rename from roundcubemail-1.4.6-config_dir.patch rename to roundcubemail-1.4.7-config_dir.patch index eb82e7e..1460eca 100644 --- a/roundcubemail-1.4.6-config_dir.patch +++ b/roundcubemail-1.4.7-config_dir.patch @@ -1,7 +1,7 @@ -Index: roundcubemail-1.4.4/program/include/iniset.php +Index: roundcubemail-1.4.7/program/include/iniset.php =================================================================== ---- roundcubemail-1.4.4.orig/program/include/iniset.php -+++ roundcubemail-1.4.4/program/include/iniset.php +--- roundcubemail-1.4.7.orig/program/include/iniset.php ++++ roundcubemail-1.4.7/program/include/iniset.php @@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) { } diff --git a/roundcubemail.changes b/roundcubemail.changes index 249285f..7f44979 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Mon Jul 6 12:00:02 UTC 2020 - Michael Ströder + +- update to 1.4.7 with security fix: + * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace + * Fix bug where subfolders of special folders could have been duplicated on folder list + * Increase maximum size of contact jobtitle and department fields to 128 characters + * Fix missing newline after the logged line when writing to stdout (#7418) + * Elastic: Fix context menu (paste) on the recipient input (#7431) + * Fix problem with forwarding inline images attached to messages with no HTML part (#7414) + * Fix problem with handling attached images with same name when using + database_attachments/redundant_attachments (#7455) + ------------------------------------------------------------------- Fri Jul 3 18:43:00 UTC 2020 - chris@computersalat.de diff --git a/roundcubemail.spec b/roundcubemail.spec index 9574259..150e428 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec @@ -22,7 +22,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;") Name: roundcubemail -Version: 1.4.6 +Version: 1.4.7 Release: 0 Summary: A browser-based multilingual IMAP client License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause