Accepting request 646191 from server:php:applications

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/646191
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/roundcubemail?expand=0&rev=53

README.openSUSE

@@ -1,5 +1,4 @@
 
-
 This README contains additional information specific to the
 openSUSE package of roundcube.
 
@@ -27,16 +26,15 @@ roundcube user. Here is an example of that procedure:
 
 # mysql
 > CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
-> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
-  IDENTIFIED BY 'password';
+> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password';
+> FLUSH PRIVILEGES;
 > quit
 
 # mysql roundcubemail < /usr/share/doc/packages/roundcubemail/SQL/mysql.initial.sql
 
 Note 1: 'password' is the master password for the roundcube user. It is strongly
 recommended you replace this with a more secure password. Please keep in
-mind: You need to specify this password later in '/etc/roundcubemail/db.inc.php'.
-
+mind: You need to specify this password later in '/etc/roundcubemail/config.inc.php'.
 
 To use the integrated web based installer you need to enable it first
 in /etc/roundcubemail/config.inc.php:

roundcubemail-1.3.7-complete.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:31bd37d0f89dc634064f170c6ed8981c258754b6f81eccb59a2634b29d0bb01c
-size 5533537

roundcubemail-1.3.7-complete.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAlteH0YTHGRldnNAcm91
-bmRjdWJlLm5ldAAKCRDClGqWCc1WtGUBD/9weX0OS7fz0pengfr573VoKOvLZmDS
-6EqNwFjHbky2D3QozCKFCa8GinJKtdU8vr9RBIsTZTU31IWFWpsU/AYyh6hyP6o5
-z5gnF7/mbgvViLjGO75uKAluHXShT81wpMY+PeTWtkM2gzknwYfJ+kWCLj/ZYHtL
-GrimnfgUYsro3zZaYDxW7Y2gY5l+A1M2UsDiYe6crgKccqq0qgyVA3dMrgPpbgkG
-9y3AopghJYkVqO+KLRBduOdJ51k+0KgE+JAT60pqDySGP7bhn/iFcFtJCwP8Moib
-OSlj/ciEQeUn2U3ipgh3HwOYAH2wqEpdqkfuRHG8j33LD/v/2cOwXii9vQkGt75V
-gfEYQ+vXfsgwkanQLV3Bg7uZH7T01iwWEIyXw3rpPCoPb9VuW6M+ZJd/IR9taPEz
-tX8em/vIDCfp7iyPhfv3ESyFNR8PvBPLFa39UYVtyaLgjzUf+iQFwfEk/kogYfTy
-8WPM+NdHMpYO78NmvQs/L49HkfdEeG5UshsaPJwBKcGGNGBPIjm9f0iIqGCHW+u3
-gUjnUxX02cjBf8aTR7590/hohnOcfxIcuwa/rkzH0XZu32comDl2bTdJbQXHQAih
-HmNs6rpE4n65OcG0CjracNXT3IPaY6rr34+DN6SHzC8il8M8vVzwS872OzSrkurq
-GxPJco3HalPeGQ==
-=R+Kb
------END PGP SIGNATURE-----

roundcubemail-1.3.8-complete.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c49e33f9643f98311b700138a1e1a0358c37b1205250e1124bd43d7f9a920d05
+size 5534385

roundcubemail-1.3.8-complete.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAlvSqV0THGRldnNAcm91
+bmRjdWJlLm5ldAAKCRDClGqWCc1WtGlbD/9YH2OUN+jESTiQK09e5KHzd9F4cDB1
+GGHQpz4fLC4a3NS3UOdSG80lCWW7S8UOcYW/Pl9Rw8qchrpHDM9fTiN4SqmzeY1A
+WyneE4zr0Ew7udH6hdv+hWyhnxJxkxNPoGFA4MIIPIhSg3EW/DO3Zr4caxyR8j/6
+XWizMEfG1qm8ujBc3gv0SQ/8NwekmB+laajnCZ5BBErIkbMz4rI1RXCvyLJVV+iD
+YLb7eonrMVh2lKqlclpKGpH+jpD1vMwTOqOyVSE7pGcSRLdDM2ZgcCXMt109b5TJ
+pg9MvR8wWnDttjPJ5OtUsuW/0QrxW0HLmOHZCvTn/52w/hQDH7eCLFqHHiMRWGj9
+TM3JdizYKave/6kw0COuSGdvw5t24t5WNn4yUHWx/49jiI9RfpMrpvj7SXyJgEZM
+n2kE5fvNfho23VCL9B6k3hpAhUYL3TP1xoxpV4+ci9DWBFnHGZnEYZsMmHtGCxH2
+DY8sQ/x3PaM1zb37oka3M10rLC+BuexYKlM2FUGZysYzxNEsw9mGBuz+M2jpmGnT
+411SIngWhvBjaBQcHvc4V9T8TaInXhpOBG0gjF4clDrLYJ7pV/63vLrtFdspFax4
+Is79zlmh6g3LARbplmTIpwwdVTuGHkmHhX7CmymOUrpL7luwc8HhzUdqB5+EIT9b
+8F3Ux+ohH1z1mg==
+=4zqI
+-----END PGP SIGNATURE-----

roundcubemail-httpd.conf

@@ -57,6 +57,8 @@ AddType text/x-component .htc
         php_value       session.gc_maxlifetime          21600
         php_value       session.gc_divisor              500
         php_value       session.gc_probability          1
+        # http://bugs.php.net/bug.php?id=30766
+        php_value       mbstring.func_overload          0
     </IfModule>
 
     <IfModule mod_php7.c>
@@ -80,6 +82,8 @@ AddType text/x-component .htc
         php_value       session.gc_maxlifetime          21600
         php_value       session.gc_divisor              500
         php_value       session.gc_probability          1
+        # http://bugs.php.net/bug.php?id=30766
+        php_value       mbstring.func_overload          0
     </IfModule>
 
     <IfModule mod_rewrite.c>
@@ -92,11 +96,11 @@ AddType text/x-component .htc
         #   in all locations except installer directory
         RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
         # - deny access to some locations
-        RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+        RewriteRule ^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
         # - deny access to composer binaries
         RewriteRule ^/vendor\/bin\/.* - [F]
         # - deny access to some documentation files
-        RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
+        RewriteRule /?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
         # security rules
     </IfModule>
 
@@ -105,9 +109,17 @@ AddType text/x-component .htc
     </IfModule>
 
     <IfModule mod_headers.c>
-        #Header merge Cache-Control public env=!NO_CACHE
         # for better privacy/security ask browsers to not set the Referer
-        #Header set Content-Security-Policy "referrer no-referrer"
+        Header set Content-Security-Policy "referrer no-referrer"
+        # don't cache, please
+        Header merge Cache-Control public env=!NO_CACHE
+        <IfModule mod_ssl.c>
+            # HSTS - HTTP Strict Transport Security
+            Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
+        </IfModule>
+        # X-Xss-Protection
+        # This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). 
+        Header set X-XSS-Protection "1; mode=block"
     </IfModule>
 
     <IfModule mod_expires.c>

roundcubemail.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Fri Oct 26 14:19:46 UTC 2018 - lars@linux-schulserver.de - 1.3.8
+
+- Upgrade to version 1.3.8:
+  * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
+  * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
+  * Enigma: Fix deleting keys with authentication subkeys (#6381)
+  * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
+  * Fix so Classic skin splitter does not escape out of window (#6397)
+  * Fix XSS issue in handling invalid style tag content (#6410)
+  * Fix compatibility with MySQL 8 - error on 'system' table use
+  * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
+  * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
+  * Fix support for "allow-from " in x_frame_options config option (#6449)
+  * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
+  * Fix multiple VCard field search (#6466)
+  * Fix session issue on long running requests (#6470)
+- add files with .log entry to logrotate config
+- enhance apache configuration by:
+  + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+  + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+  + set additional headers:
+  ++ Content-Security-Policy: ask browsers to not set the referrer
+  ++ Cache-Control: ask not to cache the content
+  ++ Strict-Transport-Security: set HSTS rules for SSL traffic
+  ++ X-XSS-Protection: configure built in reflective XSS protection
+- adjust README.openSUSE: 
+  + db.inc.php is not used any longer
+  + flush privileges after creating/changing users in mysql
+- use %%license macro on newer distributions
+
 -------------------------------------------------------------------
 Sat Aug  4 20:59:18 UTC 2018 - michael@stroeder.com
 

roundcubemail.logrotate

@@ -1,4 +1,14 @@
-/var/log/roundcubemail/console /var/log/roundcubemail/errors /var/log/roundcubemail/imap /var/log/roundcubemail/ldap /var/log/roundcubemail/sendmail /var/log/roundcubemail/sieve /var/log/roundcubemail/smtp /var/log/roundcubemail/sql /var/log/roundcubemail/userlogins {
+/var/log/roundcubemail/console 
+/var/log/roundcubemail/errors 
+/var/log/roundcubemail/imap 
+/var/log/roundcubemail/ldap 
+/var/log/roundcubemail/sendmail 
+/var/log/roundcubemail/sieve 
+/var/log/roundcubemail/smtp 
+/var/log/roundcubemail/sql 
+/var/log/roundcubemail/userlogins 
+/var/log/roundcubemail/*.log 
+{
     missingok
     compress
     notifempty

roundcubemail.spec

@@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:           roundcubemail
-Version:        1.3.7
+Version:        1.3.8
 Release:        0
 Summary:        A browser-based multilingual IMAP client
 License:        GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause
@@ -260,8 +260,10 @@ exit 0
 
 %files
 %defattr(0644, root, root,0755)
-%doc CHANGELOG
-%doc LICENSE
+%doc CHANGELOG LICENSE
+%if 0%{?suse_version} >= 1500
+%license LICENSE
+%endif
 %doc README.md
 %doc README.openSUSE
 %doc UPGRADING